Meeting minutes
Minutes
<kaz> Oct-30
McCool: any objection to the minutes?
(none)
Use cases
PR 233
<kaz> PR 233 - Template for Category/Risk org for Security Requirements
McCool: the use cases are renamed
… rather having public and private there will be more categories, the threats are added
… the requirements are about mitigation and threats are motivating
… a given threat can have more than one mitigation
… some mitigations can also apply to more than one threat
… on parallel have been working on discovery
… Jan is working on the discovery section
<kaz> PR 242 - Associate Discovery Requirement with Use Cases
McCool: the links in the security and privacy will be updated to have a similar structure to the discovery document
… how should we deal with privacy?
… if we do seperate sections then we have some repitions
Mahda: security and privacy together would be better because of avoidance of redundance
Kaz: there are several potential categories and structures for use case descriptions, and having seperate security and privacy specific sections...securtiy and privacy from a W3C viewpoints. Maybe we could have use case section and requirement section.
Kaz: if we concentrate on the question of seperate sections, I think they should be seperate
… even though they are related to each other
McCool: I am anticipating we will have a pain point, and we have to cross reference
… we could have access control as requirement, the requirement can then cite both security and privacy
… other requirements like deletion is related to only privacy
Kaz: protecting privacy requires security mechanisms
… how and when to access what kind of data and when and where
… technically two different kinds of requirements
McCool: I will try to split them into two sections
McCool: mccool will try to improve the document
McCool: is there anything pressing that we should do?
McCool: the interest group asked for 2 months extension, at some point we need to think about whether we need to do something special for security
<kaz> [adjourned]