Smith,
> On Nov 12, 2021, at 12:49 PM, Kennedy, Smith (Wireless & IPP Standards) <smith.kennedy at hp.com> wrote:
>> Hi Ira,
>> As you suggested, I've added the IPP Workgroup reflector to the list of recipients to bring this sidebar discussion into the forum without having to start from scratch.
>>> I do agree that it's not desirable that IPP Infrastructure Printers should
>> accept anything except Get-Printers w/out TLS security.
>> If an Infrastructure Printer object is supposed to be available on the Internet but for "private use only", how does that work given the legacy Get-Printer-Attributes use precedent?
OK, some (hopefully obvious) observations:
0. We need to separate the notion of legal access and protocol access to a service.
1. A service that accepts connections over the Internet is, by definition, publicly accessible at the protocol level.
2. Get-Printer-Attributes (and Get-System-Attributes) allow a Client to determine the *legal* access permissions.
3. All other operations enforce the legal access permissions.
> What should the response be from the "System Service" or other process actually hosting the IPP Printer object? HTTP 404? Or an IPP layer equivalent? I'm not sure we ever considered this use case in 5100.18.
HTTP 200 OK with the full set of attributes and values.
> At the very least, we need to have a statement / paper prepared that provides guidance to Infrastructure Printer implementors to the critique that a Get-Printer-Attributes does not constitute either a security or a privacy risk. If each cloud / Infrastructure Printer hosting provider does something different, that makes it very difficult for client implementations to support in any consistent way.
It makes sense to add a discussion of Get-Printer-Attributes to the IPP/2.x update and log an issue against PWG 5100.22 for Get-System-Attributes. We might also include references to this in 5100.18.
________________________
Michael Sweet