Requirements template - Please add a security checklist #78
Comments
We talked about this as well today in the Security TF call: see w3c/wot-security#168. I think at the very least the requirements template should include a "Security and Privacy Considerations" section. It can be free-form for now, but as we work through each use case we can add some structure (e.g. for authentication requirements, once the lifecycle is defined we can indicate when and where we need authentication in reference to it).
By "checklist" I assume you want to know whether we need authentication, confidentiality, access controls, etc. In that case, we perhaps want to put a free-form "Security and Privacy Considerations" section in each use case and derive detailed requirements from that.
At any rate, let me add this to the security meeting agenda for next week... in the meantime let's discuss here exactly what is needed.
@mmccool This was coming out of an architecture discussion we had together. I think we should add two sections:
If the security group comes up with a more detailed checklist, we should add that as well.
My suggestion (to implement immediately):
Later on, we need to do: DE: Consider assets, domains, and flows. Fits under "list of questions", e.g. one question could be "What are the assets?" etc.
Arch call on 17.12.
@mmccool
No description provided.