Update Definitions of Security and Privacy in Architecture Document

[mmccool]

As noted in w3ctag/design-reviews#355, the definitions of Security and Privacy in the Architecture document are too short and really should be based on another standard. Rather than defining them here and/or pointing at another standard, we can just depend on "well-understood" definitions of these terms and delete them from the Arch document.
Update: will generate standards-based definitions for these terms instead of just deleting them.

[mmccool]

Issue w3c/wot-architecture#368, if merged, will resolve this issue.
There is also a definition of "Personally Identifiable Information". This is less "common" than Security and Privacy so I have not removed it. However, ideally the definition of this term would identify an external official source.

[mlagally]

An external reference for PII is https://www.iso.org/obp/ui/#iso:std:iso-iec:29100:ed-1:v1:en

[mmccool]

The Architecture TF discussed this and decided that rather than deleting these definitions it would be better to add external references. Some references were found, but it is notable that ISO-IEC defines "Information Security" but not just "Security" as we have been using. See the discussion under w3c/wot-architecture#368.

I propose we define "Security" within the WoT documents to be equivalent to the ISO definition of "Information Security". An alternative would be to define "Security" as a combination of "Information Security" and "Physical Security" since anti-tampering measures may also be important in IoT. However, I personally think we should focus on Information Security and declare Physical Security measures out of scope (or use "Physical Security" explicitly when talking about such things).

[mmccool]

Still in progress. I will create a PR for new standards-based definitions soon.

[mmccool]

This has been done.