Jimmy,
> On Apr 17, 2024, at 12:53 PM, Jimmy Wu via ipp <ipp at pwg.org> wrote:
> ...
> The spec defines "Public Internet Accessible" as "can be accessed via the public Internet without additional credentials or authentication".
> We have some security / privacy concerns regarding the cloud service ("Infrastructure Printer") providing URI value(s) that are open to the world without needing any credentials.
> ...
We should clarify this while we have the INFRA spec open for an errata update. The key phrasing here is "without additional credentials or authentication", so that if your service requires an OAuth bearer token (for example) then the expectation is that those resources would also require the *same* bearer token.
I agree 100% that a cloud service needs to protect its resources - the concern here is that those resources don't impose additional restrictions that would prevent a Client/End User from accessing them when they should be able to...
________________________
Michael Sweet