Am 21.10.22 um 15:46 schrieb Hollenbeck, Scott
[SAH] OK, if we keep the "userClaims" I probably need to add text to the
Security Considerations section. How about this:
"Some of the responses described in this specification return information to a client from an
RDAP server that is intended to help the client match responses to queries and manage sessions.
Some of that information, such as the "userClaims" described in Section 4.1.1, can be
personally identifiable and considered sensitive if disclosed to unauthorized parties. An RDAP
server operator SHOULD develop policies for information disclosure to ensure that personally
identifiable information is disclosed only to clients that are authorized to process that
information."
+1
Kind Regards,
Pawel
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
