Re: Guidance on Privacy/Security or Threat Models?

On Sun, Mar 29, 2026 at 9:56 AM Simone Onofri <simone@w3.org> wrote:
> The questionnaire always says it's convenient to do it with a Threat Model (section 3), and if this is made explicit somewhere (within the section or in a separate document, at the discretion of the group), it facilitates and expedites reviews.

Ok, then this is what we are going to plan to do with these new
specifications that are going onto the standards track at W3C:

In the Security Considerations and Privacy Considerations sections, we
will refer to a Threat Model section either in the same document, or
in a separate document, to meet the requirements of having a Security
Considerations Section and a Privacy Considerations Section, but defer
all content to the Threat Model section.

If we do this, we are expecting it to be enough for Security and
Privacy to perform a Horizontal Review.

I know you can't speak for the Privacy group (so I'm looking for input
from them on the concrete proposal above). For the Security group,
does it find the concrete proposal above acceptable?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/

Received on Sunday, 29 March 2026 14:14:51 UTC