attachment
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
Thanks Michael for the initial comment.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
The direction you suggested also makes sense to me.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
The additional minor question is around whether the these various URI values need to have the same domain as the Infrastructure printer's own URI, assuming all other rules are in place.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
Thanks,</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
Jimmy</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Michael Sweet <msweet@msweet.org><br>
<b>Sent:</b> Friday, April 19, 2024 6:36 AM<br>
<b>To:</b> PWG IPP Workgroup <ipp@pwg.org><br>
<b>Cc:</b> Jimmy Wu <Jimmy.Wu@microsoft.com><br>
<b>Subject:</b> [EXTERNAL] Re: [IPP] Feedback request on "printer-icons" and "printer-more-info-manufacturer" in PWG IPP-Infra</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Jimmy,<br>
<br>
> On Apr 17, 2024, at 12:53 PM, Jimmy Wu via ipp <ipp@pwg.org> wrote:<br>
> ...<br>
> The spec defines "Public Internet Accessible" as "can be accessed via the public Internet without additional credentials or authentication".<br>
> We have some security / privacy concerns regarding the cloud service ("Infrastructure Printer") providing URI value(s) that are open to the world without needing any credentials.<br>
> ...<br>
<br>
We should clarify this while we have the INFRA spec open for an errata update. The key phrasing here is "without additional credentials or authentication", so that if your service requires an OAuth bearer token (for example) then the expectation is that those
resources would also require the *same* bearer token.<br>
<br>
I agree 100% that a cloud service needs to protect its resources - the concern here is that those resources don't impose additional restrictions that would prevent a Client/End User from accessing them when they should be able to...<br>
<br>
________________________<br>
Michael Sweet<br>
<br>
</div>
</span></font></div>
</body>
</html>