w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT
https://w3c.github.io/wot-security/

Align stakeholders with architecture #151

Open mlagally opened 4 years ago

mlagally commented 4 years ago

Make sure to use consistent terminology

mmccool commented 4 years ago

Terminology use for various stakeholders needs to be made consistent between the Arch and Security Document. Use cases also need to define stakeholders, and use cases should be in architecture... so maybe all stakeholder defns should move to architecture?

ereshetova commented 4 years ago

Here is the PR that I submitted to the architecture: https://github.com/w3c/wot-architecture/pull/418

zolkis commented 4 years ago

Just throwing my 2 cents: I think there is a difference in details needed for stakeholders and scenarios between security (more detailed, for capturing exceptions/negative use cases) and architecture (more lifecycle oriented).

Therefore a complete move is not necessarily warranted IMHO.

So I think the main definitions should be in Architecture, and Security could define the rest of them needed in security context.

mmccool commented 4 years ago

@zolkis I agree, but we need to be consistent, and so the basic definitions that both use should be in one place, and that should probably be architecture.

mmccool commented 4 years ago

A PR should be created for the Security and Privacy Guidelines document to update it to point to the definitions in architecture. If necessary, to address @zolkis's point above, the S&PG document can include additional details if the definition in Architecture has been simplified. Of course, if any terms were changed, the S&PG document should be updated to use the new terms.

@ereshetova will create a PR to update the Security and Privacy Guidelines document and will post a link here. When that is merged we can close this issue.