Re: ISSUE-77: Reference threat work in wsc-usecases

On 2007-07-30 15:32:05 -0400, Mary Ellen Zurko wrote:

> Concensus at the Dublin meeting was to reference our threat tree
> work. I'm going to take another stab at a proposal, against the
> current text of the draft. 

Here's an alternative proposal to what your wording suggests,
consistent with the consensus from Dublin:

Let's instead publish the threat tree work as a separate note along
with the use cases right away, clearly tagged as work in progress,
and with an appropriate reference in the use case note.  We can then
update the threat tree note whenever it seems convenient, and with
little effort.

A first stab is here:

  http://www.w3.org/2006/WSC/drafts/threats/Overview.html

I've set up some tools so changes can continue to be made to the
wiki, and it will take a pretty small amount of manual intervention
to publish an update of this note to track such edits.

Some boilerplate material and the references are currently missing.

As far as the use cases document is concerned, I'm a bit concerned
that the material that is currently in there covers only part of the
threat trees.  I'd prefer to return to the "high level captions"
approach that we had before.

Language for the use case note:

	Threats which are in scope for the work described in this
	Note are further discussed below.  A comprehensive threat
	tree is work in progress. [WSC-threats]

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Monday, 30 July 2007 21:58:29 UTC