Meeting minutes
Minutes
approved
PRs
PR 232 - changed requirement section to analysis
McCool: proposal to change the "Requirements" section to "Analysis" section to avoid confusion
merged
Preparation for the next Use Case call
McCool: we had a discussion on use cases around Discovery
… what we can do now is create issues on the wot-use-cases repo
mn: how to identify the use cases?
… any strategy there?
McCool: had discussion on identifiers during the Use Cases call last week
… need to have some unique ID for each use case
wot-usecases PR 231 - Capture Discovery Requirements
mn: focusing on the existing ones?
McCool: in any case, we need to have some unique ID for each use case to identify all the use cases
… also should clarify which building block is related
… clear statement for the requirements, and unique ID for use cases
… now we have the section 3 as "Analysis"
WoT Security and Privacy Guidelines - 3. Analysis
WoT Use Cases Issue 229
<McCool> wot-usecases Issue 229 - Consolidate security discussion in use cases document
Kaz: The link Lagally mentioned is a bit strange and bigger than "use cases issues related to security"
McCool: Yeah, we need to think about how to deal with this
Kaz: let's put a comment about that then
McCool: ok. we're reorganizing this now...
McCool: would suggest we define categories of use cases
… and think about which use cases belong to which category
Kaz: ok
… and one specific use case could belong to multiple categories, technically
McCool: yeah
McCool: (then creates another new Issue, "Create Security Categories for Use Cases", for wot-usecases)
… (then put a list of tasks for that purpose, e.g., creating a list of categories)
wot-usecases Issue 232 - Create Security Categories for Use Cases
McCool: would like to think about some initial list of categories
… e.g., private, safety-critical, business-critical, ...
McCool's comments on the initial list of categories
Kaz: if we would like to start with those three as the starting point, maybe it would make sense to use the wide review viewpoints as well
… e.g., privacy-critical, security-critical, internationalization-critical and accessibility-critical
Descriptions for WoT Use Cases
Kaz: btw, the current WoT Use Cases document has section 2 as "Domain Specific Use Cases" and section 3 as "Use Cases for multiple domains"
… but some of the contents are not "use cases" themselves but rather "specific technology" or "technology area"
… so need refactoring of the contents too
McCool: yeah, there is some mixing up
Kaz: note there are "Accessibility" and "Security" as part of the section 3 already
Requirements section
WoT Use Cases - 4.2.6 Security
McCool: regarding the requirements for security
… should have a description of the potential threats
… also the table on the threats (from the WoT Security Note)
… (adds the link from WoT Use Cases document to WoT Security document)
WoT Security and Requirements Guidelines - 3.2.5 Threats
more specifically, "WoT Interface Threat - Unauthorized WoT Interface Access"
[adjourned]