- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Sat, 23 Jun 2007 06:25:02 -0400
- To: "'Close, Tyler J.'" <tyler.close@hp.com>, <public-wsc-wg@w3.org>
I think the use cases would be more "useful" if they included, where applicable, the applicable branches in the threat tree. That is, "Joan wants to access her bank website, she types in the url, makes a type, and instead gains access to a spoof of her bank which looks natural and provides a false log-on form" - now how would the recommended solution help in this scenario? -----Original Message----- From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Close, Tyler J. Sent: Friday, June 22, 2007 6:10 PM To: public-wsc-wg@w3.org Subject: Note use-cases as explanatory device Looking at the draft Rec proposals, it's not clear to me that the current use-cases are providing the needed basis for explanation and evaluation. I think we need to figure out why before we put the Note to bed. Now seems like a good time to take a step back and judge how well our use-cases have enabled the description and evaluation of our recommendations. What issues did authors have in using the Note use-cases to describe their recommendations? Would the threat trees work provide a better basis for explanation and evaluation? Tyler
Received on Saturday, 23 June 2007 10:25:17 UTC