Open jyasskin opened 4 years ago
(apologies for the delay in following up on this)
I think it would be ideal to have something further in the document. Specifically text covering the following:
So, one straw-example following the above template would be:
Another might be:
I'd be interested to know if others think this model is a useful way of framing the document (independent of whether the above two straw-examples are good instances of the model).
https://w3cping.github.io/privacy-threat-model/#high-level-threats currently starts with
but most of the individual threat descriptions don't follow this up by saying what UAs should do about them. For example, https://w3cping.github.io/privacy-threat-model/#hl-recognition-cross-site could add something like
The RFC2119 aspect of "SHOULD" that "there may exist valid reasons in particular circumstances to ignore a particular item" then gets elaborated in the high-level threat's detailed threat model.
I think this matches @pes10k's request for more principles in the document.