Re: Threat Trees

Thanks Stuart. I'd like to put this on the agenda for our next meeting. 
Will you be there and able to lead discussion? 

It's a bit of a nit (or not, depending on how you look at it), but for:
> Bookmark or other relationship stored in browser or OS 
As we've discussed several times, we shouldn't assume the user agent is a 
browser. 

> Email link 
I'm not convinced that's general enough. I can think of at least one other 
data push application that's not the web - instant messaging. 

Related to that, the web link categories don't seem to encapsulate the 
social networking/user data aspects of web links (like blogs). 

If this propagates to something more formal, see if you can find an 
example less inflammatory than NAMBLA. 


          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




"Stuart E. Schechter" <ses@ll.mit.edu> 
Sent by: public-wsc-wg-request@w3.org
03/12/2007 02:58 PM

To: Web Security Context WG <public-wsc-wg@w3.org>
cc:
Subject: Threat Trees

I've updated the use case dimensions provided by Thomas and made a first
stab at a threat tree.  I've primarily focused on site-impersonation attacks
because I believe they are the focus of this working group (happy to be
corrected).

The draft is at:

   <http://www.w3.org/2006/WSC/wiki/ThreatTrees>

This is in response to
  ACTION-95:     Review use cases, suggest reorganization, ...
  ACTION-124:    Initiate work on threat tree

Received on Wednesday, 14 March 2007 12:50:39 UTC