[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (COEL-75) RPE: Mandate use of different passwords in different embodiments
[ https://issues.oasis-open.org/browse/COEL-75?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=63231#comment-63231 ]
Paul Bruton commented on COEL-75:
---------------------------------
On a closer read I note we are already mandating the use of different passwords for each embodiment (in the tables for each actor). The text in section 4 contradicts (and weakens) that statement so I am going to go with 'SHALL'
> RPE: Mandate use of different passwords in different embodiments
> ----------------------------------------------------------------
>
> Key: COEL-75
> URL: https://issues.oasis-open.org/browse/COEL-75
> Project: OASIS Classification of Everyday Living (COEL) TC
> Issue Type: Task
> Reporter: Paul Bruton
> Assignee: Paul Bruton
>
> Ref; RPE section 4.3.1.4 "Different userids and different passwords MAY be used for each embodiment"
> We might allow the use of the same username in different embodiments but we ought to mandate the use of different passwords. If anyone snoops on IDA traffic (e.g. through attacking the DNS and impersonating the IDA) and collects operator passwords that can then be used to retrieve data from a service provider, we are putting consumers behavioural data at risk.
--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]