W3C

– DRAFT –
WoT Security

27 November 2023

Attendees

Present
Kaz_Ashimura, Mahda_Noura, Michael_McCool, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
kaz, mahda-noura, Mahda_Noura

Meeting minutes

Minutes overview

<kaz> Nov-20

McCool: published minutes

Requirements

McCool: let's look at the requirement issue

<McCool> w3c/wot-usecases#243

McCool: no open PR this time for security

<McCool> w3c/wot-usecases#233

McCool: we should talk about what to do next and make a todo list

Mahda: I looked at Jan's work from the discovery, would be good to discuss how to map the use cases to requirements

McCool: using the links facilitates automatic links and sections

<McCool> https://pr-preview.s3.amazonaws.com/w3c/wot-usecases/pull/233.html

McCool: there are four categories, the simple first step is to restructure this to follow the discovery template

McCool: next: each category tries to capture the use cases it relates to

McCool: do each in single PRs

McCool: after we do the categories, we need to (the requirements should be mitigations)

McCool: we want to mitigate each threat
… first formatting, then the categories, while going through the use cases we might find new categories, then we can try to align the security requirements to the threats we already have. A path from security considerations to the threats
… in the next meeting when the first one is done, we can try to start the next step
… we had a table with the use cases from the past
… we can update the existing table and update it
… we can limit the scope of the work to focus for now on the security and not privacy

<McCool> w3c/wot-usecases#246

Kaz: this should probably be the next step, after this re-organization we need to gather more feedback or use cases from various industries

McCool: there are two things, first we can assign categories, secondly we may find gaps where we have a clear mitigation

McCool: I think in general the use case contributors can look at the requirements, and then think about gaps rather than starting from scratch

McCool: let's look at the use case file and see whether it is up to date
… the table is outdated

Kaz: after looking at the use case documents, I started to fear the current structure of the use case document, it's not understandable

McCool: I totally agree, if we have decent IDs, we can move things around and re-organize things

Kaz: we need somebody else to moderate the use case discussions

McCool: all I want is to update the security part

Kaz: yeah, so we need to concentrate on the security portion within the Use Cases/Requirements descriptions

McCool: we can have two categories, yes, no, and maybe
… in general let's only do the leaf nodes of a main category e.g. retail
… will create a PR under use cases

Kaz: digging into existing use cases would still make sense, but this work would be time-consuming and maybe we need additional help from the other participants of the group

McCool: I think we should go through the obvious ones and ask for input from others, in the next hour we can go through them, and later ask for confirmation from the rest of the members

<McCool> PR 247 - Define Security Category Template

<McCool> https://github.com/w3c/wot-usecases/blob/main/USE-CASES/security-categories.csv

<kaz> [adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 221 (Fri Jul 21 14:01:30 2023 UTC).