COS v0.2 Draft ChaptersSingle pageJSON Schema

Security and Privacy Considerations

Version: 0.2
Status: Normative
Category: Security


1. Untrusted input

Producers and Consumers MUST treat source text, labels, URIs, metadata, and Extension payloads as untrusted data. A Context Object does not grant permission to execute, fetch, render, or dereference any contained value.

2. Data minimization

Producers SHOULD emit only the context needed for the intended Consumer. They SHOULD avoid secrets, credentials, hidden page content, unrelated personal data, and content outside the authorized source scope.

3. Extension isolation

Unknown Extensions MUST be ignored safely. Consumers MUST NOT interpret an unknown payload as executable instructions. Failure to process one Extension MUST NOT invalidate otherwise usable core fields.

4. Source boundaries

Adapters MUST respect platform permission and origin boundaries. A browser Adapter, for example, MUST NOT bypass same-origin restrictions or serialize privileged live objects.

5. Integrity and authenticity

COS v0.2 does not define signing, encryption, identity, or transport security. Applications that require authenticity or confidentiality MUST provide them at the transport or application layer and MUST NOT infer trust from schema validity alone.

6. AI consumers

Text inside a Context Object can contain prompt-injection or adversarial content. AI Consumers SHOULD distinguish source content from application instructions and SHOULD apply their own trust and authorization controls.