W3C home > Mailing lists > Public > public-wsc-wg@w3.org > July 2007

RE: Note use-case rework

From: Doyle, Bill <wdoyle@mitre.org>
Date: Fri, 27 Jul 2007 10:31:54 -0400
Message-ID: <518C60F36D5DBC489E91563736BA4B5801929167@IMCSRV5.MITRE.ORG>
To: "Close, Tyler J." <tyler.close@hp.com>, <public-wsc-wg@w3.org>

Comments I went back up to section 6.4 to see how threats were derived
and had some trouble.

6.4  - I am not following the scenarios where one is a question and one
a statement, should they be common questions? In scenario one how does
Alice know that she is really connecting to her bank to initiate the
effort? Or should both just be tasks and question about connections

Scenario one - Identified source, Identified destination, Providing

Once a week, Alice pays her bills. She opens her web browser, follows
the habitual bookmark to her bank's site, logs in by entering her
credentials, and follows the routine course through the online banking

Betty's home wireless router has a web interface for making
configuration changes. When the router is installed, it generates a
self-signed SSL server certificate. Sometime later, Betty attempts to
make a configuration change. How does Betty know she's connected to the
router she setup earlier, and not her neighbor's?


Do we want to mention URL obscuring?

-----Original Message-----
From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Close, Tyler J.
Sent: Thursday, July 26, 2007 11:13 PM
To: public-wsc-wg@w3.org
Subject: RE: Note use-case rework

I've added some more content to the Note, derived from the Threat trees
work. This is probably all I'm going to do here, so speak up if you
think I've missed something important. See:



-----Original Message-----
From: public-wsc-wg-request@w3.org
On Behalf Of Close, Tyler J.
Sent: Wednesday, July 25, 2007 9:08 PM
To: public-wsc-wg@w3.org
Subject: Note use-case rework

I've done a significant rework of the use-cases section of the Note. I
think I've provided better structure and integrated some information
from the threat-trees work. I've preserved the various use-case
and added the new mobile browser story. I plan to integrate more of the
threat trees work, but am calling for feedback now.  See:


Received on Friday, 27 July 2007 14:32:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:17 UTC