W3C home > Mailing lists > Public > public-wsc-wg@w3.org > March 2007

Re: Threat Trees

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Wed, 14 Mar 2007 08:50:27 -0400
Cc: Web Security Context WG <public-wsc-wg@w3.org>
Message-ID: <OFDCF7D9A3.4FD28526-ON8525729E.00454DA4-8525729E.00468B73@LocalDomain>
To: ses@ll.mit.edu
Thanks Stuart. I'd like to put this on the agenda for our next meeting. 
Will you be there and able to lead discussion? 

It's a bit of a nit (or not, depending on how you look at it), but  for:
> Bookmark or other relationship stored in browser or OS 
As we've discussed several times, we shouldn't assume the user agent is a 

> Email link 
I'm not convinced that's general enough. I can think of at least one other 
data push application that's not the web - instant messaging. 

Related to that, the web link categories don't seem to encapsulate the 
social networking/user data aspects of web links (like blogs). 

If this propagates to something more formal, see if you can find an 
example less inflammatory than NAMBLA. 


Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

"Stuart E. Schechter" <ses@ll.mit.edu> 
Sent by: public-wsc-wg-request@w3.org
03/12/2007 02:58 PM

Web Security Context WG <public-wsc-wg@w3.org>

Threat Trees

I've updated the use case dimensions provided by Thomas and made a first
stab at a threat tree.  I've primarily focused on site-impersonation 
because I believe they are the focus of this working group (happy to be

The draft is at:


This is in response to
  ACTION-95:     Review use cases, suggest reorganization, ...
  ACTION-124:    Initiate work on threat tree
Received on Wednesday, 14 March 2007 12:50:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:14 UTC