Re: [w3ctag/design-reviews] Distributed Tracing WG: Baggage specification (#650) from Sergey Kanzhelev on 2021-10-19 (public-webapps-github@w3.org from October 2021)

From: Sergey Kanzhelev <notifications@github.com>
Date: Tue, 19 Oct 2021 11:44:55 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/650/947007707@github.com>

@hadleybeeman thank you for your questions and sorry for delay.

> 1. Who is the user for this? What need of theirs is it meeting? It would help us a lot of if you could put those points in your explainer.

The user for Baggage is an application developers or authors or third party tools installed to these applications. Baggage is a mechanism that enables specific scenarios of information propagation across components of a distributed system. By standardizing it we are simplifying implementation of these scenarios as well as giving application developers some mechanisms or verification on what is shared between systems. At present, custom headers are often used which makes is harder to audit universally.

> 2. We are concerned about the privacy/security implications of opening up a metadata channel that the user can't control. Have you thought through any attack scenarios? And if so, what are your thoughts on how to make them less likely to happen?

At present those scenarios are often implemented using custom headers, which makes it harder to control. We expect the most implementation will want to switch to unified approach that will offer a better compatibility across vendors and components. And this will make audit and control of what metadata is shared easier.

> The [security](https://w3c.github.io/baggage/#security-considerations) and [privacy](https://w3c.github.io/baggage/#privacy-considerations) sections of your spec talk about the responsibilities of application owners and systems. Does your approach let users protect themselves too? Or might it be easier to track them with your proposal?

End users must rely on application authors for protection. Similar how it happens with any custom headers application author may decide to send today, there is no mechanism to control what will be sent via the `baggage` header. In future if baggage will be widely used on browsers in JS libraries, browsers may consider restricting where `baggage` headers will be send. 


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/650#issuecomment-947007707

Received on Tuesday, 19 October 2021 18:45:08 UTC