Security and Privacy Considerations

[mmccool]

Adding additional content to the Security and Privacy Considerations section.
See issue #67 and issue w3c/wot-security#196

---

Preview | Diff

[mmccool]

Marked as not-WIP however at present I only have two risks: DDoS and location tracking. Suggestions for other risks welcome. Certain issues mentioned in the above-linked issues should be dealt with elsewhere in the document. For example, JSON path injection attacks should be designed out by limiting the features that can be used in JS embedded in JSON path queries.

[mmccool]

• Access controls for explicit location data should me mentioned
• Negative location inferencing can be mitigated by having long time to live (e.g. one month in the home use case)
• We should consider things/ask PING what they would likely be concerned about

[mmccool]

Comment:

• Peer-to-Peer; change to Interpersonal and Interinstitutional?
• Not normative; there are some comments above and in the issues that should be dealt with separately with normative changes, though.
• I did capture the entire discussion from the issues above and embedded it in a comment for easy reference; this should be stripped in the final version

[mmccool]

• add references from S&P section (which is informative) to normative items addressing particular concerns. This will make it easier for Security/Privacy reviews to find risks and mitigations.
• We might even mention a risk but just point to a normative mitigation that addresses it (e.g. query injection -> limited expressive power of queries)

For example, for DDoS, we should reference specific mechanisms specified to prevent query injections, use of arbitrary JS in JSON Path, etc. (last point might be dealt with in IETF JSON path spec though, need to check).