Numerous improvements to security considerations #487

Merged
merged 6 commits into from
Nov 16, 2017

handrews
Contributor

This is probably about as much as we'll do for draft-07. We'll keep working on the security sections as the drafts progress, but this is at least as good as it has been for the last few drafts.

Addresses #456 plus various things not filed as issues.

Commit log:

|     Security considerations for "content*"
|     
|     a.k.a. don't take executable content types from strangers
|  
* commit 58c6b96cb13d5a593209154cc854067c3bf0e954
| Author: Henry Andrews <[email protected]>
| Date:   Tue Nov 14 12:44:59 2017 -0800
| 
|     Add a bit more about target attribute authority
|     
|     While "targetSchema" is technically never required to process
|     a response, as the response should indicate its own schema,
|     other target attributes in the LDO, such as the submission schema,
|     cannot be conveyed in any way other than through the LDO.
|     
|     It would seem like we need a provision for determining when the
|     LDO can be constructed, but it's not entirely clear how that
|     should work.  Put in a bit about it and a CREF to hopefully
|     attract the attention of someone who can improve the section.
|  
* commit b49541da81be4302f20d3f824ce50e8f6787c225
| Author: Henry Andrews <[email protected]>
| Date:   Mon Nov 13 22:06:33 2017 -0800
| 
|     Move "self" link security bit to last subsection
|     
|     The other parts flow much more naturally from the mention of
|     RFC 8288 in the introductory part of the security section.
|  
* commit d7254824f8188a7e8ad8e441ead4f4eeb641d597
| Author: Henry Andrews <[email protected]>
| Date:   Mon Nov 13 22:03:19 2017 -0800
| 
|     Reference RFC 8288 in Security Considerations
|     
|     8288 is the update of 5988 Web Linking.  As a link serialization
|     format, Hyper-Schema shares those vulnerabilities.
|  
* commit 11de781a2b863e36463b242c36e4f526db819a2f
| Author: Henry Andrews <[email protected]>
| Date:   Mon Nov 13 16:26:23 2017 -0800
| 
|     Clean up target attribute security considerations
|     
|     This was an awkward copy-paste.  Fix it up and remove the CREF
|     reminding me to do so.
|  
* commit 379285ab5e3ef1c3a8f0b0033b8759c57740ea8b
| Author: Henry Andrews <[email protected]>
| Date:   Mon Nov 13 16:08:47 2017 -0800
| 
|     Add CREF for "self" link sub-path
|     
|     Since I have no idea what it is trying to do.

See also #485 about possibly removing the "self" link bit.

@handrews
Contributor Author

@json-schema-org/spec-team anyone?

@handrews handrews requested a review from a team November 16, 2017 17:45
@handrews
Contributor Author

Trying to get this published on Monday or at least sometime next week...

@handrews
Contributor Author

Update just now is a rebase to handle conflicts with the title-casing change.

@handrews handrews merged commit 92fc8cb into json-schema-org:master Nov 16, 2017
@handrews handrews deleted the security branch November 16, 2017 20:21