Re: [w3c/push-api] Clarify requirements for push endpoint determinism and predictability (#274) from Peter Beverloo on 2017-08-21 (public-webapps-github@w3.org from August 2017)

From: Peter Beverloo <notifications@github.com>
Date: Mon, 21 Aug 2017 16:56:26 +0000 (UTC)
To: w3c/push-api <push-api@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/push-api/pull/274/review/57549411@github.com>

beverloo commented on this pull request.

Thanks! Please take another look, I've applied the changes and s/WEBPUSH-PROTOCOL/RFC8030/ everywhere. I'll run tidy after the current series of changes landed.

> @@ -526,6 +526,13 @@
         subscription</a> MUST be <a>deactivated</a>.
       </p>
       <p>
+        The <a>push endpoint</a> MUST NOT enable information about the user to be derived by actors

Done.

> @@ -526,6 +526,13 @@
         subscription</a> MUST be <a>deactivated</a>.
       </p>
       <p>
+        The <a>push endpoint</a> MUST NOT enable information about the user to be derived by actors
+        other than the <a>push service</a>, such as the user's device, identity or location.
+        <a>Push services</a> that do not require <a>push subscriptions</a> to be restricted to an
+        <a>application server</a> [[!WEBPUSH-VAPID]] MUST NOT generate predictable

Good point - I've updated this to refer 8030 instead.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/pull/274#pullrequestreview-57549411

Received on Monday, 21 August 2017 16:56:59 UTC