Meeting minutes
minutes review
<kaz> Oct-19
McCool: any objections to publishing the minutes?
… no objections, publish
PRs and Issues
PR #224
<kaz> PR 224 - Update README.md
McCool: rewording the README
… any objections to merging?
… merged
PR #231 - Discovery Requirements
<kaz> PR 231 - Capture Discovery Requirements
McCool: added category names
McCool: some of the category names are actually use cases
McCool: the education use case needs more context in the name
Kaz: adding existing use cases is good, we need more discussion around education use cases
… for example learning analytics
… suggest that we add a note to explain that we need more use cases
McCool: split up some use cases that had more than one requirement combined
… some section numbering is wrong
Kaz: there should be accessibility use cases. note that one specific use case could belong to multiple categories.
… (online editing)
McCool: consistent format for entries example committed to the document
… still need to fix some formatting
… any objections to merge this once the formatting is fixed?
Kaz: happy with this direction, this could become a new template
McCool: yes, the big job is the TD work
Ege: this looks good, but not sure how the rest of the pipeline will work
… what about the title for example system
McCool: this is the category, thinking about dropping the categories
Ege: what do we do if a requirement is not satisfied and we need to create a feature and work items
McCool: we will need to link to work items
… what if a requirement is partially satisfied? What is the progress?
… what about mandatory vs. optional features?
Ege: this is better and should be merged
Kaz: we can start with this and iterate, and improve the categories. for example, we could use "General" instead of "System" for 4.3.6.1
McCool: we can merge now and discuss the structure more later
… we can start a PR for TD and bindings now
PR#233 - Security
<kaz> PR 233 - Template for Category/Risk org for Security Requirements
McCool: started to define categories, work in progress
McCool: subsection for risk
McCool: each risk has a mitigation requirement
… any opinions or comments?
Kaz: the direction is good, I fixed the spelling in the title, also there is a formatting error
McCool: added security to the category names to avoid conflicts with other categories
McCool: should the requirement be named after the risk or the mitigation?
… A risk may have multiple requirements
Issue #232
<McCool> Issue 232 - Create Security Categories for Use Cases #232
McCool: specific categories for security
Ege: the public category seems to be more than one category
McCool: there might be come common requirements in the public category, for example ddos
… we can always iterate and adjust
Kaz: in the titles, maybe we could add "risk of" to clarify the security context
McCool: some requirements could fall into more than one category
Kaz: we don't need to add risk of to the titles
Kaz: also we should think about using a noun or adjective in the title
McCool: adjectives are more descriptive
Kaz: for example private is too vague, we should add more description
… we should think about what kind of titles to use for the categories
McCool: will follow up with another meeting, TBA
… adjourned