RE: Note use-case rework from Doyle, Bill on 2007-07-27 (public-wsc-wg@w3.org from July 2007)

From: Doyle, Bill <wdoyle@mitre.org>
Date: Fri, 27 Jul 2007 10:31:54 -0400
To: "Close, Tyler J." <tyler.close@hp.com>, <public-wsc-wg@w3.org>
Message-ID: <518C60F36D5DBC489E91563736BA4B5801929167@IMCSRV5.MITRE.ORG>

Comments I went back up to section 6.4 to see how threats were derived
and had some trouble.

6.4  - I am not following the scenarios where one is a question and one
a statement, should they be common questions? In scenario one how does
Alice know that she is really connecting to her bank to initiate the
effort? Or should both just be tasks and question about connections
follow?

Scenario one - Identified source, Identified destination, Providing

Once a week, Alice pays her bills. She opens her web browser, follows
the habitual bookmark to her bank's site, logs in by entering her
credentials, and follows the routine course through the online banking
system.

Betty's home wireless router has a web interface for making
configuration changes. When the router is installed, it generates a
self-signed SSL server certificate. Sometime later, Betty attempts to
make a configuration change. How does Betty know she's connected to the
router she setup earlier, and not her neighbor's?



6.5

Do we want to mention URL obscuring?




-----Original Message-----
From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Close, Tyler J.
Sent: Thursday, July 26, 2007 11:13 PM
To: public-wsc-wg@w3.org
Subject: RE: Note use-case rework


I've added some more content to the Note, derived from the Threat trees
work. This is probably all I'm going to do here, so speak up if you
think I've missed something important. See:

http://www.w3.org/2006/WSC/drafts/note/#threats

Tyler 

-----Original Message-----
From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org]
On Behalf Of Close, Tyler J.
Sent: Wednesday, July 25, 2007 9:08 PM
To: public-wsc-wg@w3.org
Subject: Note use-case rework


I've done a significant rework of the use-cases section of the Note. I
think I've provided better structure and integrated some information
from the threat-trees work. I've preserved the various use-case
stories,
and added the new mobile browser story. I plan to integrate more of the
threat trees work, but am calling for feedback now.  See:

http://www.w3.org/2006/WSC/drafts/note/#use-cases

--Tyler

Received on Friday, 27 July 2007 14:32:03 UTC