Hi Mike,
Bringing this back to your proposal...
> On Dec 1, 2020, at 8:30 AM, Michael Sweet <msweet at msweet.org> wrote:
>> Smith,
>>> On Dec 1, 2020, at 8:59 AM, Kennedy, Smith (Wireless & IPP Standards) <smith.kennedy at hp.com> wrote:
>>>> Hi Mike,
>>>> No objections to adding this but a few thoughts:
>>>> - PII concerns?
>> Not directly - this identifies the printer, not an individual. If the value was propagated outside of IPP with other personal information it might be used to identify someone ("Mike" printed to a printer with serial number 12345678, it must be Mike Sweet and not Mike Jones). But this is purely informational from the Printer to the Client, for maintenance/support purposes.
Our concern is that the serial number could be used to identify the owner via a warranty call etc.
The IPP Privacy Attributes v1.0 doesn't define a "printer-privacy-attributes (1setOf type2 keyword)" or "printer-privacy-scope (type2 keyword)" so we don't have a way to indicate to a Client that "printer-serial-number" might not be available other than via an authenticated Get-Printer-Attributes etc.
Considering this, I almost wonder if we need to talk again about why an unauthenticated Get-Printer-Attributes is required to expose all Printer Description attributes. I remember us discussing the justification was to preserve backward compatibility. But surely some Printer management attributes should only be visible to the "Owner" or "Operator", and that identity should be authenticated?
Sorry, not trying to open up too many cans of worms here...we can discuss in person on Thursday?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://www.pwg.org/pipermail/ipp/attachments/20201201/b1e042a8/attachment.sig>