Re: [IG-SP] Review of Security&Privacy Requirements Catalogue from Kazuyuki Ashimura on 2015-08-19 (public-auto-privacy-security@w3.org from August 2015)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Thu, 20 Aug 2015 03:35:45 +0900
To: Paul Boyes <pb@opencar.com>
Cc: public-automotive <public-automotive@w3.org>, "public-auto-privacy-security@w3.org" <public-auto-privacy-security@w3.org>
Message-ID: <CAJ8iq9VfQTDEFU8HjBJF9_zi9Wbjcj5QDyz63ku-xV2NaTx=oA@mail.gmail.com>
On Thu, Aug 20, 2015 at 3:18 AM, Paul Boyes <pb@opencar.com> wrote:

> Sounds good Kaz.  This could be part of the WG agenda for Monday or
> Tuesday at TPAC.  Would that make sense?
>

Sure :)

Kazuyuki



>
>
> Paul J. Boyes
> --------------------------------
> Mobile:   206-276-9675
> Skype:  pauljboyes
>
>
>
>
> On Aug 19, 2015, at 10:15 AM, Kazuyuki Ashimura <ashimura@w3.org> wrote:
>
> Thanks for forwarding this to the public-automotive list, Paul!
>
> During the WoT IG meeting in Sunnyvale, I mentioned our
> security&privacy discussion within the Automotive BG/WG
> and suggested the WoT IG should work with the Automotive
> group.
>
> And Oliver, the moderator of the WoT IG's security&privacy
> TF, said:
> - They are interested in the possible collaboration.
> - However, they would concentrate on their own formalization first.
> - TPAC 2015 in Sapporo would be a good opportunity to start actual
>   collaboration.
>
> Kazuyuki
>
>
> On Thu, Aug 20, 2015 at 12:18 AM, Paul Boyes <pb@opencar.com> wrote:
>
>> >From the WOT group.  Is of interest.
>>
>> Paul J. Boyes
>> --------------------------------
>> Mobile:   206-276-9675
>> Skype:  pauljboyes
>>
>>
>>
>>
>> Begin forwarded message:
>>
>> *Resent-From: *<public-wot-ig@w3.org>
>> *From: *"Nilsson, Claes1" <Claes1.Nilsson@sonymobile.com>
>> *Subject: **RE: [IG-SP] Review of Security&Privacy Requirements
>> Catalogue*
>> *Date: *August 10, 2015 at 7:49:18 AM PDT
>> *To: *"'Pfaff, Oliver'" <oliver.pfaff@siemens.com>, "public-wot-ig@w3.org"
>> <public-wot-ig@w3.org>
>>
>> Hi Oliver and others,
>>
>> Thanks for compiling this catalogue. I have some initial comments:
>>
>> 1.      Maybe each requirements should have a number or any other id.
>> That would make it easier in discussions and follow-up of requirements.
>> 2.      The list does more look like a the Security&Privacy Glossary in
>> more detail than a list of requirements. That might be ok depending what we
>> want to achieve. Do we want this or do we want?
>> a.       A total and tangible list of the security&privacy features
>> applicable for WoT that needs to be covered by W3C standards (existing and
>> new), using MUST, SHOULD and MAY vocabulary?
>> b.      A tangible list of the security&privacy features applicable for
>> WoT that needs to be standardized by W3C in addition to what exists today
>> (or what is in progress being standardized), i.e. a gap list, using MUST,
>> SHOULD and MAY vocabulary?
>> WDYT?
>>
>> BR
>>   Claes
>>
>>
>>
>> *Claes Nilsson*
>> Master Engineer - Web Research
>> Research&Incubation
>>
>> *Sony Mobile Communications*
>> Tel: +46 70 55 66 878
>> claes1.nilsson@sonymobile.com <Firstname.Lastname@sonymobile.com>
>>
>> sonymobile.com
>>
>> <image003.png>
>>
>> *From:* Pfaff, Oliver [mailto:oliver.pfaff@siemens.com
>> <oliver.pfaff@siemens.com>]
>> *Sent:* den 5 augusti 2015 13:48
>> *To:* public-wot-ig@w3.org
>> *Subject:* [IG-SP] Review of Security&Privacy Requirements Catalogue
>>
>> Dear colleagues,
>> until now the Security&Privacy Requirements Catalogue
>> <https://www.w3.org/WoT/IG/wiki/Security%26Privacy_Requirements_Catalogue>
>>  used to be a bit of a laundry list. That changed and now there is a
>> first draft version for review.
>>
>> Formally the Wiki page is public (as well as this mail) and we’d accept
>> comments from anybody in WoT IG. However I would like to ask for review and
>> feedback from [IG-SP] before sending heads-up notices to the TFs.
>>
>> When reviewing, please check for:
>> ·        *Completeness*: does the catalogue cover all requirements that
>> we want to highlight (caveat: it should not become too lengthy, special
>> interest items may have to be dropped to avoid the ‘TL;NR’ syndrome)?
>> ·        *Correctness*: are the contents of the catalogue sufficiently
>> sound (caveat: it should not become academic, becoming too nitty-gritty
>> should be avoided)?
>> ·        *Comprehension*: do the contents compile when reading through
>> the catalogue with common sense, are the contents intuitively accessible?
>> ·        *Wording*: which improvements are needed to pass the ‘native
>> speaker check’?
>>
>> I suggest a review/feedback period (within SP) until Aug, 12. Please
>> provide suggestion and addition/change requests on the public mailing list
>> or in a personal exchange (suggestions and addition/change requests that
>> arrive thereafter will also be accommodated – this is not meant as a final
>> call)
>>
>> Please note that I will do a round of double-checking against the IIC
>> reference architecture during this review/feedback period (=> there might
>> be some [hopefully minor] updates)
>>
>> Please also note that there will be some derivative work that will
>> reflect the structure of the security&privacy requirements catalogue =>
>> adding (new) catalogue items later on will be easy, tweaking the structure
>> will be tedious. So let’s put a priority on establishing a structure that
>> has a good chance of staying stable
>>
>> Kind regards,
>> Oliver
>>
>>
>>
>
>
> --
> Kaz Ashimura, W3C Staff Contact for Auto, TV, MMI, Voice and Geo
> Tel: +81 3 3516 2504
>
>
>


-- 
Kaz Ashimura, W3C Staff Contact for Auto, TV, MMI, Voice and Geo
Tel: +81 3 3516 2504
Received on Wednesday, 19 August 2015 18:37:00 UTC