RE: Note use-cases as explanatory device

I think the use cases would be more "useful" if they included, where
applicable, the applicable branches in the threat tree.

That is, "Joan wants to access her bank website, she types in the url, makes
a type, and instead gains access to a spoof of her bank which looks natural
and provides a false log-on form" - now how would the recommended solution
help in this scenario?

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Close, Tyler J.
Sent: Friday, June 22, 2007 6:10 PM
To: public-wsc-wg@w3.org
Subject: Note use-cases as explanatory device


Looking at the draft Rec proposals, it's not clear to me that the
current use-cases are providing the needed basis for explanation and
evaluation. I think we need to figure out why before we put the Note to
bed. Now seems like a good time to take a step back and judge how well
our use-cases have enabled the description and evaluation of our
recommendations. What issues did authors have in using the Note
use-cases to describe their recommendations? Would the threat trees work
provide a better basis for explanation and evaluation?

Tyler

Received on Saturday, 23 June 2007 10:25:17 UTC