Meeting minutes
Slideset: https://
simone: Earlier today we were trying to threat model the Digital Credentials API. Here we're going to discuss threat modeling in general.
simone: I have a threat of dropping my phone, so I use a rugged cover. I have a threat of shoulder surfing, so I use a privacy screen.
<reillyg> s/thread/threat/
<ChrisLilley> Security and Privacy section*s*
<reillyg> s/Slideset/My slides/
simone: What is the best model? It depends on what we're trying to do!
<reillyg> s/Slideset:/Slideset/
simone: It can be difficult to switch your mind to the attacker's perspective.
?, you mention authentication. Is authorization rolled into that?
simone: In OSSTTM yes.
… This was an important question because words may have different meanings for different people.
simone: For example, w3c/
?, how does third party risk from software ecosystems fit into what you've discussed?
? is Susan
simone: I used to work in threat response. Absolutely (gives recent examples).
… A threat actor will just ignore your threat model if it allows an attack.
Maxim: Who gets to decide what is out of scope (e.g. malware vs. WebAuthn)?
simone: These are areas where there's ongoing work.
… Sometimes the mitigation is in a different group, or requires a completely different approach.
… E.g. Passkeys were design to remove passwords because if you don't have a password it can't be phished.
reillyg: In the malware example. It creates so many other problems that trying to mitigate it in just one place is unhelpful.