
authcontext suggests putting sensitive data in event attributes

Open sasha-tkachev opened this issue 2 years ago • 5 comments

From the authid definition:

> This might, for example, be a unique ID in an identity database (userID), an email of a platform user or service account, or the label for an API key.

Emails are considered PII and therefore sensitive data. This may cause issues with compliance, such as GDPR.

The spec says that we SHOULD NOT put sensitive data into extension attributes.

I suggest removing this suggestion from the spec, or suggesting to put the hash of the email or something.

sasha-tkachev avatar Dec 20 '23 19:12 sasha-tkachev
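One way a producer could apply the hashing idea raised above, as an added example that is not part of the issue or of the CloudEvents spec: an email-shaped `authid` is replaced with a keyed HMAC-SHA256 pseudonym before the event is emitted, because an unkeyed hash of an email can be reversed by hashing a list of candidate addresses. The function names, the `hmac-sha256:` prefix, the key and the sample event are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption); a real producer would load it from a secret store.
PSEUDONYM_KEY = b"constructed-demo-key-not-for-production"

# Deliberately loose email shape check: something@something.tld, no whitespace.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def pseudonymize_authid(authid: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Return a stable keyed pseudonym for an email-shaped authid.

    Values that do not look like an email (opaque user IDs, API key
    labels) are returned unchanged.
    """
    candidate = authid.strip()
    if not EMAIL_RE.match(candidate):
        return authid
    # Assumption: addresses are treated as case-insensitive, so
    # Alice@Example.com and alice@example.com map to the same pseudonym.
    normalised = candidate.lower().encode("utf-8")
    digest = hmac.new(key, normalised, hashlib.sha256).hexdigest()
    return "hmac-sha256:" + digest


def scrub_event(event: dict, key: bytes = PSEUDONYM_KEY) -> dict:
    """Return a copy of a CloudEvent attribute map with authid pseudonymized."""
    cleaned = dict(event)
    if "authid" in cleaned:
        cleaned["authid"] = pseudonymize_authid(cleaned["authid"], key)
    return cleaned


# Constructed sample event carrying authcontext extension attributes.
SAMPLE_EVENT = {
    "specversion": "1.0",
    "id": "evt-0001",
    "source": "/example/orders",
    "type": "com.example.order.created",
    "authtype": "user",
    "authid": "Alice@Example.com",
}

if __name__ == "__main__":
    print(scrub_event(SAMPLE_EVENT))
```

The pseudonym stays stable for the same address and key, so consumers can still correlate events by `authid` without seeing the email.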

This issue is stale because it has been open for 30 days with no activity. Mark as fresh by updating e.g., adding the comment /remove-lifecycle stale.

github-actions[bot] avatar Jan 20 '24 01:01 github-actions[bot]

@inlined any thoughts on this one?

duglin avatar Jan 30 '24 21:01 duglin

This issue is stale because it has been open for 30 days with no activity. Mark as fresh by updating e.g., adding the comment /remove-lifecycle stale.

github-actions[bot] avatar Mar 01 '24 01:03 github-actions[bot]

@inlined any comments on this one?

duglin avatar Mar 20 '24 19:03 duglin

This issue is stale because it has been open for 30 days with no activity. Mark as fresh by updating e.g., adding the comment /remove-lifecycle stale.

github-actions[bot] avatar Apr 20 '24 01:04 github-actions[bot]