Re: [IG-SP] Review of Security&Privacy Requirements Catalogue from Paul Boyes on 2015-08-19 (public-automotive@w3.org from August 2015)

From: Paul Boyes <pb@opencar.com>
Date: Wed, 19 Aug 2015 18:18:54 +0000
To: Kazuyuki Ashimura <ashimura@w3.org>
CC: public-automotive <public-automotive@w3.org>, "public-auto-privacy-security@w3.org" <public-auto-privacy-security@w3.org>
Message-ID: <0DBF513C-1695-4669-846E-B947D28B33A3@opencar.com>
Sounds good Kaz.  This could be part of the WG agenda for Monday or Tuesday at TPAC.  Would that make sense?

Paul J. Boyes
--------------------------------
Mobile:   206-276-9675
Skype:  pauljboyes




On Aug 19, 2015, at 10:15 AM, Kazuyuki Ashimura <ashimura@w3.org<mailto:ashimura@w3.org>> wrote:

Thanks for forwarding this to the public-automotive list, Paul!

During the WoT IG meeting in Sunnyvale, I mentioned our
security&privacy discussion within the Automotive BG/WG
and suggested the WoT IG should work with the Automotive
group.

And Oliver, the moderator of the WoT IG's security&privacy
TF, said:
- They are interested in the possible collaboration.
- However, they would concentrate on their own formalization first.
- TPAC 2015 in Sapporo would be a good opportunity to start actual
  collaboration.

Kazuyuki


On Thu, Aug 20, 2015 at 12:18 AM, Paul Boyes <pb@opencar.com<mailto:pb@opencar.com>> wrote:
>From the WOT group.  Is of interest.

Paul J. Boyes
--------------------------------
Mobile:   206-276-9675<tel:206-276-9675>
Skype:  pauljboyes




Begin forwarded message:

Resent-From: <public-wot-ig@w3.org<mailto:public-wot-ig@w3.org>>
From: "Nilsson, Claes1" <Claes1.Nilsson@sonymobile.com<mailto:Claes1.Nilsson@sonymobile.com>>
Subject: RE: [IG-SP] Review of Security&Privacy Requirements Catalogue
Date: August 10, 2015 at 7:49:18 AM PDT
To: "'Pfaff, Oliver'" <oliver.pfaff@siemens.com<mailto:oliver.pfaff@siemens.com>>, "public-wot-ig@w3.org<mailto:public-wot-ig@w3.org>" <public-wot-ig@w3.org<mailto:public-wot-ig@w3.org>>

Hi Oliver and others,

Thanks for compiling this catalogue. I have some initial comments:

1.      Maybe each requirements should have a number or any other id. That would make it easier in discussions and follow-up of requirements.
2.      The list does more look like a the Security&Privacy Glossary in more detail than a list of requirements. That might be ok depending what we want to achieve. Do we want this or do we want?
a.       A total and tangible list of the security&privacy features applicable for WoT that needs to be covered by W3C standards (existing and new), using MUST, SHOULD and MAY vocabulary?
b.      A tangible list of the security&privacy features applicable for WoT that needs to be standardized by W3C in addition to what exists today (or what is in progress being standardized), i.e. a gap list, using MUST, SHOULD and MAY vocabulary?
WDYT?

BR
  Claes



Claes Nilsson
Master Engineer - Web Research
Research&Incubation

Sony Mobile Communications
Tel: +46 70 55 66 878
claes1.nilsson@sonymobile.com<mailto:Firstname.Lastname@sonymobile.com>

sonymobile.com<http://sonymobile.com/>

<image003.png>

From: Pfaff, Oliver [mailto:oliver.pfaff@siemens.com]
Sent: den 5 augusti 2015 13:48
To: public-wot-ig@w3.org<mailto:public-wot-ig@w3.org>
Subject: [IG-SP] Review of Security&Privacy Requirements Catalogue

Dear colleagues,
until now the Security&Privacy Requirements Catalogue<https://www.w3.org/WoT/IG/wiki/Security%26Privacy_Requirements_Catalogue> used to be a bit of a laundry list. That changed and now there is a first draft version for review.

Formally the Wiki page is public (as well as this mail) and we’d accept comments from anybody in WoT IG. However I would like to ask for review and feedback from [IG-SP] before sending heads-up notices to the TFs.

When reviewing, please check for:
•        Completeness: does the catalogue cover all requirements that we want to highlight (caveat: it should not become too lengthy, special interest items may have to be dropped to avoid the ‘TL;NR’ syndrome)?
•        Correctness: are the contents of the catalogue sufficiently sound (caveat: it should not become academic, becoming too nitty-gritty should be avoided)?
•        Comprehension: do the contents compile when reading through the catalogue with common sense, are the contents intuitively accessible?
•        Wording: which improvements are needed to pass the ‘native speaker check’?

I suggest a review/feedback period (within SP) until Aug, 12. Please provide suggestion and addition/change requests on the public mailing list or in a personal exchange (suggestions and addition/change requests that arrive thereafter will also be accommodated – this is not meant as a final call)

Please note that I will do a round of double-checking against the IIC reference architecture during this review/feedback period (=> there might be some [hopefully minor] updates)

Please also note that there will be some derivative work that will reflect the structure of the security&privacy requirements catalogue => adding (new) catalogue items later on will be easy, tweaking the structure will be tedious. So let’s put a priority on establishing a structure that has a good chance of staying stable

Kind regards,
Oliver




--
Kaz Ashimura, W3C Staff Contact for Auto, TV, MMI, Voice and Geo
Tel: +81 3 3516 2504
Received on Wednesday, 19 August 2015 18:19:27 UTC