- From: Gavigan, Kevin <kgavigan@jaguarlandrover.com>
- Date: Thu, 30 Jul 2015 08:45:32 +0100
- To: Junichi Hashimoto <xju-hashimoto@kddi.com>
- Cc: public-auto-privacy-security@w3.org
- Message-ID: <CAKaHsmfMgfh6YTM0ObzHeQfL+Kqc53uPHmwMCwu9uLUEq1bAOw@mail.gmail.com>
Hi Junichi, Thanks, I was about to add them yesterday and saw that they were already appearing :-) I will add more when I can. Regards, Kevin *Kevin Gavigan BSc (Hons), MSc, PhD, MCP MCTS* *Software Architect* *Connected Infotainment* *Mobile: 07990 084866* *Email:* kgavigan@jaguarlandrover.com *Office address:* *GO03/057** • **Building 523, **Gaydon** • **Maildrop: (G03)* *Jaguar Land Rover • Banbury Road • Gaydon • Warwick • CV35 0RR* On 30 July 2015 at 06:30, Junichi Hashimoto <xju-hashimoto@kddi.com> wrote: > Hi Kevin, > > During the meeting in Seattle, members have reached a consensus that the > use case list is useful not only for security and privacy but also for > Vehicle APIs. We've added many items (including your use cases) into the > list and will discuss them in the next tel-conference. > > I'd like you to take a look on the list and add more items that are > missing. We have only a few days but I hope we discuss the security and > privacy aspect of the use cases via this ML before the tel-conference. > > Regards, > Junichi > > > > On 15/07/29 08:34 , Gavigan, Kevin wrote: > >> Hi Junichi, >> >> Thanks, your proposal seems like a good idea to me as it will help us to >> gather scenarios more quickly >> >> I will plan to add brief use cases to the spreadsheet... >> >> Regards and best wishes, >> >> Kevin >> >> *Kevin Gavigan BSc (Hons), MSc, PhD, MCP MCTS* >> */Software Architect/* >> */Connected Infotainment >> /* >> >> */Mobile: 07990 084866 >> /* >> /*Email:*/ kgavigan@jaguarlandrover.com >> <mailto:kgavigan@jaguarlandrover.com> >> >> */Office address:/* >> *GO03/057** • **Building 523, **Gaydon** • **Maildrop: (G03)**/ >> /**Jaguar Land Rover • Banbury Road • Gaydon • Warwick • CV35 0RR* >> >> On 24 July 2015 at 02:58, Junichi Hashimoto <xju-hashimoto@kddi.com >> <mailto:xju-hashimoto@kddi.com>> wrote: >> >> Hi, >> >> I've investigated several methods and practices of security/privacy >> analysis (e.g., goal oriented analysis, misuse case analysis, >> STRIDE/DREAD, ISO 15408, ITU-T X.1121) and think that we should >> apply a customized procedure for our case. >> >> Compared to usual security analysis, our security/privacy target is >> not completely definable because it is not actual software but >> rather a platform for software. So listing up use cases as Kevin did >> would be the best way to figure out our scope. >> >> On the other hand, I personally think we could start with a bit >> simpler description for our first step and add the details later, >> e.g., during the second iteration of use case discussion, to get >> ideas from wider stake holders. >> >> What do you think? >> >> FYI, I've just put some examples on a spreadsheet[1] to show what I >> am thinking. >> >> Also the following is the basic (simple) procedure I'd propose: >> Step 1. Listing up brief use cases and concerns >> Step 2. Select items for our scope and investigate them deeply >> (Kevin's is this level) >> Step 3. Derive requirements from the investigation >> >> In order to gather all the important points, I'd like to suggest we >> iterate the above procedure at least twice before LC. >> >> Please feel free to give your comments on the above proposal. >> I'd like to talk about this procedure during the upcoming f2f >> meeting in Seattle as well. >> >> [1] >> >> https://docs.google.com/spreadsheets/d/14ij-2I-H4HbilVQ_muCmUayVqmVfdbkoke690MA0kdo/edit#gid=0 >> >> Junichi >> >> >> >> > >
Received on Thursday, 30 July 2015 07:46:22 UTC