Thanks Michael for the initial comment.
The direction you suggested also makes sense to me.
The additional minor question is around whether the these various URI values need to have the same domain as the Infrastructure printer's own URI, assuming all other rules are in place.
Thanks,
Jimmy
________________________________
From: Michael Sweet <msweet at msweet.org>
Sent: Friday, April 19, 2024 6:36 AM
To: PWG IPP Workgroup <ipp at pwg.org>
Cc: Jimmy Wu <Jimmy.Wu at microsoft.com>
Subject: [EXTERNAL] Re: [IPP] Feedback request on "printer-icons" and "printer-more-info-manufacturer" in PWG IPP-Infra
Jimmy,
> On Apr 17, 2024, at 12:53 PM, Jimmy Wu via ipp <ipp at pwg.org> wrote:
> ...
> The spec defines "Public Internet Accessible" as "can be accessed via the public Internet without additional credentials or authentication".
> We have some security / privacy concerns regarding the cloud service ("Infrastructure Printer") providing URI value(s) that are open to the world without needing any credentials.
> ...
We should clarify this while we have the INFRA spec open for an errata update. The key phrasing here is "without additional credentials or authentication", so that if your service requires an OAuth bearer token (for example) then the expectation is that those resources would also require the *same* bearer token.
I agree 100% that a cloud service needs to protect its resources - the concern here is that those resources don't impose additional restrictions that would prevent a Client/End User from accessing them when they should be able to...
________________________
Michael Sweet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20240422/388d1b1e/attachment.html>