Refactor the threat model section to accommodate models for each high…

…-level threat.
w3cping · Jan 16, 2020 · 72ee40e · 72ee40e
1 parent d18e3c9
commit 72ee40e
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 16 deletions.
diff --git a/index.bs b/index.bs
@@ -140,7 +140,7 @@ The following threats were brainstormed in the 2019 TPAC PING meeting:
 
 *  Unexpected Recognition (being confident that this is the same person/device
     you saw before), cross-site. This threat is discussed in
-    [[#model-anti-tracking]].
+    [[#model-cross-site-recognition]].
 * Recognition, same-site
 * Benign information disclosure (connected hardware [game controller or
     assistive device], system preferences [like dark mode]…)
@@ -201,8 +201,23 @@ document.
     others have about them and to participate in its handling and use.
 
 
+# Threat Model # {#model}
+
+For each of the <a href="#high-level-threats">high-level threats</a>, we
+describe a threat model: a description of what goals attackers with various
+capabilities should or should not be able to achieve. For simple threats, a
+model can be expressed in prose, while complex threat models use a grid to
+express the web platform's target guarantees.
+
+<span style="color:green">✘</span> indicates that the goal should be frustrated,
+while <span style="color:red">✓</span> indicates that the attacker can achieve
+their goal.
+
+Issue: Should we mark goals attackers can currently achieve, which we want to
+remove, differently from goals attackers already can't achieve?
+
 <pre class="include">
-path: model.bsinc
+path: xsite-tracking-model.bsinc
 </pre>
 
 <pre class="include">

diff --git a/model.bsinc → xsite-tracking-model.bsinc b/model.bsinc → xsite-tracking-model.bsinc
@@ -1,17 +1,4 @@
-# Threat Model # {#model}
-
-This table summarizes which capabilities should allow attackers to achieve which
-goals and, conversely, which goals should be frustrated for attackers even when
-they have certain capabilities.
-
-<span style="color:green">✘</span> indicates that the goal should be frustrated,
-while <span style="color:red">✓</span> indicates that the attacker can achieve
-their goal.
-
-Issue: Should we mark goals attackers can currently achieve, which we want to
-remove, differently from goals attackers already can't achieve?
-
-## Anti-tracking ## {#model-anti-tracking}
+## Cross-site recognition ## {#model-cross-site-recognition}
 
 <table class="threatmodel">
 <tr class="goals">