/
2021-10-19 Privacy SIG Notes

2021-10-19 Privacy SIG Notes

Nov 02, 2021

Date

Oct 19, 2021

Attendees

@James Fuller@Peter Murray@Ingolf Kuss

Goals

Discussion items

Time

Item

Who

Notes

Time

Item

Who

Notes

Make edits to the Google Docs draft of the Privacy SIG charter

  • James to review and improve the wording of the charter with "track changes" turned on.  We will review at the next SIG meeting.

 

Setting next meeting time.

 

Moving one hour later is good (although it conflicts with the Implementors meeting).  Moving earlier is okay, but not ideal.

 

Review MODLOGIN-163: POST /authn/login response contains clear text passwordClosed from a privacy perspective.

 

This is primarily a security issue with the pattern of the request-response with the cleartext password.  There is a privacy concern when the body of the response is saved in log files, but the overriding concern is one of security.

Action items