[IPP] Updated stable draft of IPP Authentication Methods posted

[IPP] Updated stable draft of IPP Authentication Methods posted

Michael Sweet msweet at apple.com
Mon Mar 4 21:10:21 UTC 2019


Smith,

> On Mar 4, 2019, at 2:49 PM, Kennedy, Smith (Wireless & Standards Architect) <smith.kennedy at hp.com> wrote:
> 
> 
> 
>> On Mar 4, 2019, at 11:14 AM, Michael Sweet <msweet at apple.com <mailto:msweet at apple.com>> wrote:
>> 
>> Smith,
>> 
>>> On Mar 4, 2019, at 12:22 PM, Kennedy, Smith (Wireless & Standards Architect) via ipp <ipp at pwg.org <mailto:ipp at pwg.org>> wrote:
>>> 
>>> Greetings,
>>> 
>>> Thanks to all who provided feedback on the 20190117 draft of IPP Authentication Methods. Since I received valuable non-editorial feedback in addition to editorial feedback on the draft from the PWG Last Call, I have produced a new revision that hopefully resolves all the issues and can be used in a second last call. The new draft is here:
>>> 
>>>    https://ftp.pwg.org/pub/pwg/ipp/wd/wd-ippauth-20190304.odt <https://protect-us.mimecast.com/s/D3aXC1wq8qiGREkwuL5aci?domain=ftp.pwg.org> 
>>>    https://ftp.pwg.org/pub/pwg/ipp/wd/wd-ippauth-20190304.pdf <https://protect-us.mimecast.com/s/zuXzC2kr5rf3jERoI1JDrB?domain=ftp.pwg.org> 
>>>    https://ftp.pwg.org/pub/pwg/ipp/wd/wd-ippauth-20190304-rev.odt <https://protect-us.mimecast.com/s/u2zDC31v5viKBRGYI21Si0?domain=ftp.pwg.org> 
>>>    https://ftp.pwg.org/pub/pwg/ipp/wd/wd-ippauth-20190304-rev.pdf <https://protect-us.mimecast.com/s/wmRLC4xw7wu5o7mAuWGutv?domain=ftp.pwg.org> 
>>> 
>>> I included the contents of my LCRC document in the "Change History" section. If those that submitted comments could review this draft offline and evaluate whether my changes have fixed their issues, I'd appreciate it.
>> 
>> 
>> The -rev version is (as usual) a bit hard to follow, but I like the changes.
> 
> Totally agree!
> 
> https://bugs.documentfoundation.org/show_bug.cgi?id=123848 <https://bugs.documentfoundation.org/show_bug.cgi?id=123848>
> 
> 
>>  We normally do the LCRC comments in a separate txt file, but I'm fine with it being in the changes section for now.  Process/3.0 doesn't require a particular format or filename, just that all comments and their resolutions be listed for review.
>> 
>> Feedback:
>> 
>> One addition I'd like to see to see for the "requesting-user-name" method is a note that some Clients use a constant identity as a privacy defense (e.g., "mobile" from iOS Clients) when sending requests, so from a Printer's perspective this method is basically useless.  In the context of GDPR, this falls under a need for explicit consent - a password challenge or Client UI requesting permission to provide the real user name is required.  At Apple we decided to always hide the requesting user on iOS for basic privacy reasons, relying on authentication where such information is genuinely needed.
> 
> Do you want this in section 4.2 "The 'requesting-user-name' IPP Authentication Method" (using numbering from the non-rev documents), or in 5.1.1. "General Recommendations" (for Clients), or 7.2. "Client Security Considerations"? There seems to be two different statements: what is done in the field, and what a Client or Printer ought to do.

I was thinking of this being in section 4.2.  As far as the general recommendations for clients, I think we need to make a note of privacy concerns, .i.e., recommend that Clients don't just throw the current username in there without getting explicit permission from the User.

>> In the general client recommendations (section 14.2?), you say:
>> 
>>     Client security considerations (section 18.2) should also be followed.
>> 
>> Since we have a lowercase "should" here, perhaps reword this as:
>> 
>>     Also see section 18.2 for Client security considerations and recommendations.
> 
> OK. Will fix that now and re-post once I am clear about what to do about the "anonymized 'requesting-user-name'" issue above and where it should live.
> 
>> 
>> There is a similar statement in the general printer recommendation (section 14.4?), which should probably read "Also see section 18.4 for Printer security considerations and recommendations." (right now it says Client...)
> 
> Will fix that one too.
> 
>> 
>> _________________________________________________________
>> Michael Sweet, Senior Printing System Engineer

_________________________________________________________
Michael Sweet, Senior Printing System Engineer

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20190304/bced828c/attachment.html>


More information about the ipp mailing list