w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT
https://w3c.github.io/wot-security/

Add "Security and Privacy Considerations" to all use cases (or requirements) #168

Open mmccool opened 4 years ago

mmccool commented 4 years ago

In https://github.com/w3c/wot-architecture/tree/master/USE-CASES a number of use cases have been assembled. For each one we should consider the security and privacy requirements and document them. This could also go into "requirements", but then "Security and Privacy Considerations" should be added to the requirements template at https://github.com/w3c/wot-architecture/blob/master/REQUIREMENTS/requirements-template.md

mmccool commented 4 years ago

The following may be relevant (note that it was updated in 2019): https://www.w3.org/TR/security-privacy-questionnaire/

mmccool commented 4 years ago

We should update the HTML version now with "blank" security and privacy considerations sections... (McCool to make a PR)

mmccool commented 3 years ago

Should just create issues for particular use cases over in the use case repo. Then we can track which use cases have considered privacy and security and which ones have not. For example:

mmccool commented 3 years ago

We should start this by having a set of questions to be asked for each use case, such as "Does this handle PII?", "Is access control needed?", "Are there safety considerations for access?", "Are there different classes of users?", etc. See https://github.com/w3c/wot-usecases/issues/84. Some bullet points should be added to the template as well.

mmccool commented 3 years ago

Note that when we did the CR last time we had to answer a long set of questions about security, and we can look back to the answers to those. Most of them were not actually relevant to IoT, but some were.

mmccool commented 3 years ago

Brainstorm from security TF call May 10. We also looked at the Self-Review Questionnaire and tried to extract anything useful (there was surprisingly not much, since it is very browser-focused and spends a lot of time on same-origin constraints, etc).

Security:

  1. What kinds of access controls are supported?
  2. How is access managed, distributed, and revoked?
  3. Will the hardware be protected from physical access?
  4. Does data being transmitted need to be protected?
  5. Does data at rest need to be protected?
  6. Is the system safety-critical?
  7. Will the device be accessible remotely/globally?
  8. Will the device/service run third-party (untrusted) code, or will all code be provided by the developer/maker?
  9. Does the use case allow the installation and running of executable content, e.g. scripts, rules, etc?
  10. Does the user have the ability to install and manage keys, e.g. certificates?

Privacy:

  1. Does this use case handle personally identifiable information (PII)?
  2. Can PII be inferred from data or metadata?
  3. Can this use case's device report its geolocation?
  4. Can this use case's device report local sensor data that might be used to infer PII?
  5. Is ad-hoc discovery and use needed? Peer-to-peer or directory?
  6. Does this use case require the generation and use of unique global identifiers?
  7. Does this use case require the generation and use of temporary local identifiers?
  8. Does this use case provide for the tracking and erasure of any PII captured?

mmccool commented 3 years ago

Probably should add: