- From: <ta-hirabayashi@kddi-ri.jp>
- Date: Sun, 26 Jul 2015 09:28:25 +0900
- To: <public-auto-privacy-security@w3.org>, <xju-hashimoto@kddi.com>
- Cc: Hirabayashi (KDDI) <ta-hirabayashi@kddi.com>, Ashimura-sensei <ashimura@w3.org>, "Ted Guild" <ted@w3.org>

Hi, Hashimoto-san and Security & Privacy TF members,

I have added Privacy pages to my previous proposal in Wiki, and modified it [1] in line with Hashimoto-san's suggestions.

[1] https://www.w3.org/auto/security/wiki/images/6/69/Proposed_Collaborative_Work_Procedures_for_Security_%26_Privacy_Consideration_%28Rev%29.pdf

Any comments are appreciated.
Look forward to seeing you in Seattle.

Kind regards,
T.Hirabayashi/KDDI

----- Original Message -----
> Hi,
>
> I've investigated several methods and practices of security/privacy analysis (e.g., goal oriented analysis, misuse case analysis, STRIDE/DREAD, ISO 15408, ITU-T X.1121) and think that we should apply a customized procedure for our case.
>
> Compared to usual security analysis, our security/privacy target is not completely definable because it is not actual software but rather a platform for software. So listing up use cases as Kevin did would be the best way to figure out our scope.
>
> On the other hand, I personally think we could start with a bit simpler description for our first step and add the details later, e.g., during the second iteration of use case discussion, to get ideas from wider stakeholders.
>
> What do you think?
>
> FYI, I've just put some examples on a spreadsheet[1] to show what I am thinking.
>
> Also the following is the basic (simple) procedure I'd propose:
> Step 1. Listing up brief use cases and concerns
> Step 2. Select items for our scope and investigate them deeply (Kevin's is this level)
> Step 3. Derive requirements from the investigation
>
> In order to gather all the important points, I'd like to suggest we iterate the above procedure at least twice before LC.
>
> Please feel free to give your comments on the above proposal.
> I'd like to talk about this procedure during the upcoming f2f meeting in Seattle as well.
>
> [1] https://docs.google.com/spreadsheets/d/14ij-2I-H4HbilVQ_muCmUayVqmVfdbkoke690MA0kdo/edit#gid=0
>
> Junichi

〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
KDDI Research Institute
HIRABAYASHI Tatsuhiko
Tel: 03-6678-1946 (main)
Mobile: 080-5941-4506
Fax: 03-6678-0339
E-mail: ta-hirabayashi@kddi.com
Address: Garden Air Tower 33F, 3-10-10 Iidabashi, Chiyoda-ku, Tokyo 102-8460, Japan
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜

Received on Sunday, 26 July 2015 00:31:48 UTC