- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 22 May 2007 01:09:13 +0200
- To: Rachna Dhamija <rachna.public@gmail.com>, ses@ll.mit.edu
- Cc: public-wsc-wg@w3.org
Working on ACTION-173, I'm going through the use case dimensions and thread trees again. I wonder to what extent dimensions 2.D and 2.E identify a relevant distinction. As phrased in the Wiki at this point, these are about a "Link provided by an external application", and a "Web link". Looking at the threat trees, the example given there for a "Link provided by an external application" is a link in an e-mail. Now, most of the relevant applications (including e-mail and instant messaging) could actually be implemented as a Web application and run in a browser, therefore falling under 2.E, "Web link". It strikes me that the relevant characteristics aren't really exposed on the level of 2.D and 2.E, but in the distinctions below 2.E. Therefore, I'd suggest to change the use case dimensions as follows: D. Link i. from prima facie unrelated machine-readable source (e-mail, instant message, advertisement) ii. from a partner site (e.g. citi.com to accountonline.com) iii. other I'm not even sure that this distinction is really needed. Rachna, Stuart, your thoughts? Regards, -- Thomas Roessler, W3C <tlr@w3.org> On 2007-05-18 02:18:55 +0000, Rachna Dhamija wrote: > From: Rachna Dhamija <rachna.public@gmail.com> > To: public-wsc-wg@w3.org > Date: Fri, 18 May 2007 02:18:55 +0000 > Subject: [Moderator Action] ACTION 215: Revisit threat trees > X-Spam-Level: > Old-Date: Thu, 17 May 2007 14:12:44 -0700 > X-Diagnostic: Not on the accept list > X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5 > > I have added added a section to the bottom of the threat trees wiki page > that lists attacks we might want to include in the tree. I would encourage > others to add attacks as well and/or to integrate these into the existing > tree. > > I realize that many attacks are clearly out of our scope (it is easier to > grow the tree first and prune it later or to mark branches out of scope). > > http://www.w3.org/2006/WSC/wiki/ThreatTrees > > Rachna
Received on Monday, 21 May 2007 23:09:16 UTC