Suggestion to split into 3 documents
Closed this issue · 2 comments
1 - model and overview of the architecture, concepts
2 - requirements (MUST / SHOULD, etc)
3 - roadmap
It's a bit confusing to have it all be together.
I don't think this would be a good idea @andreiw. IMO It helps to have the security framework, threat model and resulting requirements (to meet the security objectives) in one non-normative document. Agree that the chapters should be cleanly separated within the spec, so someone wanting to refer directly to one or more sections can do that -if you identify areas where it is confusing please call out those sections. Also we are trying to keep the document succinct to make it easily accessible for a wider security community - separating it into documents will make it more complex to keep them in sync. Lastly requirements are being tagged with CAT_NNNN tags so that other documents can refer to specific requirements very easily.
Thanks,
Hopefully it will be clearer once we have the full document, including use cases, in place.
I'm closing this for now. We can revisit if there are any specific improvement once we have the full document ready for review.