Roberto Polli
## I suggest moving miro/draw.io/... to a general whiteboard practice ## Note in general, under implementation we currently include both tools and techniques. It could be reasonable to separate these...
## I expect - "reduction of the attack surface" should be described and classified better - can be implemented via various techniques, such as software inventory and application and configuration...
## Discussion - ensure that signing-of-commits and signing-of-commits-protection are not duplicate activities.
## I expect - microservice architecture to depend on the implemented solution ## Instead - it is listed as a security measure ## Note See https://blog.cleancoder.com/uncle-bob/2012/08/13/the-clean-architecture.html
## I expect - that implementations reference specific technologies or techniques ## Instead - they reference `docker` and `container-technologies` ## Note Docker is a very broad term, since it includes:...
## Task - reassess the security of TOTP vs other mechanisms like security keys
## I expect - to replace HTML with a more constrained language (markdown or plaintext) - consider mandating plaintext for some fields (needs thoughts)
## I expect - all URLs to have an implementation.
## I expect A way to express structured-fields serialization rfc8941 - https://httpwg.org/http-extensions/draft-ietf-httpbis-header-structure.html Here are some examples: ``` Example-IntegerHeader: 42 Example-BoolHdr: ?1 Example-StringHeader: "hello world" Example-BinaryHdr: :cHJldGVuZCB0aGlzIGlzIGJpbmFyeSBjb250ZW50Lg==: Example-StrListHeader: "foo", "bar", "It...
### Description Connexion uses x-bearerInfoFunc to reference validating functions ### Expected behaviour A configurable app parameter for hiding this parameter from the served spec ### Actual behaviour The x-bearerInfoFunc is...