- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Mon, 12 Feb 2007 18:18:38 -0500
- To: "<michael.mccormick" <michael.mccormick@wellsfargo.com>
- Cc: public-wsc-wg@w3.org,ses@ll.mit.edu
- Message-ID: <OF17EA69EB.78C7B9B2-ON85257280.007FFFC2-85257280.00800CC9@LocalDomain>
On your misuse case comment, I thought Stuart's threat trees would cover that. Stuart, will they?

Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

<michael.mccormick@wellsfargo.com>
Sent by: public-wsc-wg-request@w3.org
02/09/2007 01:23 AM

To: <tlr@w3.org>, <ses@ll.mit.edu>
cc: <public-wsc-wg@w3.org>
Subject: RE: ACTION-125: use case rework

Thomas,

I think that, as far as they go, the updated use cases are generally excellent (as I mentioned in my previous note to MEZ re ACTION-78).

In order to validate whether these use cases completely cover what users need browser security indicators to provide them, I suggest a simple "CIA+R" test can be applied:

- Confidentiality: Users want to know if sensitive information is being kept confidential. They may not know exactly what encryption is... but they know they don't trust their ISP with the same information they trust their doctor or banker with.
- Integrity: Users want to know if information they send to the site, or pages they receive back from the site, have been altered.
- Authenticity: Users want to know if the site is really the one they think it is.
- Reputation: Some users also want to know if a site has had problems or has a good track record.

Most of the current use cases seem designed to address the Authenticity requirement. Use case 18 does address Reputation. Use case 19 sort of addresses Confidentiality but apparently only in the physical world (Betty wonders "whether others nearby will be able to eavesdrop on her interactions".) None seem to address Integrity.

You're no doubt familiar with the concept of misuse cases. Maybe that's what's needed to close the gaps; a few misuse cases such as:

- Malicious ISP sys admin Eve is trying to steal credit card numbers from web server logs. Luckily Alice's web browser lets her know all her sensitive information is encrypted when she sends it to Bob's Bank. [confidentiality, integrity]
- Malicious criminal Mallory has set up a web site that looks just like Bob's Bank. Luckily Alice's web browser catches the fact that the site's SSL certificate has the wrong domain when Google inadvertently sends her to Mallory's site instead of Bob's. [authenticity]
- Bob's Bank is breached by hackers but Alice didn't see the story about it in the newspaper and she hasn't yet received her SB1386 notification letter. Luckily Alice's web browser has downgraded the reputation of Bob's site, alerting her to the news of the breach before she even logs on. [reputation]

Mike

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Thomas Roessler
Sent: Tuesday, February 06, 2007 6:46 PM
To: ses@ll.mit.edu
Cc: public-wsc-wg@w3.org
Subject: ACTION-125: use case rework

Here's proposed material following from the use case structuring discussion that we had in San Jose; this is intended to be input material for Stuart's threat trees.

This is a first cut -- I've made edits to some of the existing use cases, changed some of them, and so on. I suspect that Stuart might be tempted to change things to be a bit more rigorous; Rachna, Maritza and MEZ might be on the look-out for spelling out user mental models more reasonably than I have done.

<snip>

Received on Monday, 12 February 2007 23:18:47 UTC