Problem description

The Subscription object within the event-subscription-template contains the (optional) attribute sinkCredentials. The CAMARA Design Guidelines do not contain a guidance how to use this attribute if the object is used in responses or retrievals.

The object structure is based on 0.1-wip, which contains the paragraph:

Implementations SHOULD NOT include secrets contained in this map when the subscription object is enumerated or retrieved. Secrets SHOULD be write-only. Tokens, passphrases, and passwords are such secrets and account identifiers might be considered secrets as well.

Expected action

A guidance should be added to the Design Guidelines of CAMARA about the handling of sinkCredentials, potentially even more strict than the above paragraph (e.g. "Secrets MUST be write-only").

Additional context