Personal tools
You are here: Home Software Center draft2gether D2G Draft Features Desired Security & Privacy
Breaking News

Photos from the Innovation Festival, in ROME 7-10th June

Read more...

Past events...

Log in


Forgot your password?
New user?
 
Document Actions

#15: Desired Security & Privacy

Contents
  1. Definitions
  2. Motivation
  3. Assumptions
  4. Proposal
  5. Implementation
  6. Deliverables
  7. Risks
  8. Progress log
  9. Participants
Here is a summary of the required security and privacy features we may want to have (or be ready to deploy through help from partners).
Proposed by
TFF
Proposal type
Architecture, Other
State
being-discussed

Definitions

  • SA= any system Administrator
  • SA+= any other system administrator with similar rights
  • GA= group administrator
  • GA+= another group administrator of the same Group with similar rights
  • U= authenticated user
  • U+= another authenticated user of the same Group with similar rights
  • A= anyone who is not GA or U of a specific group, nor a SA.
  • Z= comment submittal, draft submittal, blog post submittal, rating assignments, configurations editing, etc; i.e. any finished interaction or interaction session with the system.
  • ... all = all people that have been assigned ... role


AND


!!! - a "must have" feature

!! - a requested feature

! - a less desired feature

? - desired feature, but can be discussed for smaller changes

?? - a feature open for discussion

??? - a feature fully open for discussion in behaviour, ui, architecture...

CF - Criticality Factor. It is the multiplier number for each feature, to be used when calculating penalties on deliverables, in case of bugs or delivery missing. The higher, the most critical the feature is.

Motivation


Assumptions


Proposal

  •  Authentication - !!! CF 3
    •   certainty level by GA that U is U
    •   certainty level by SA that U is U
    •   certainty level by U that U+ is U+
  •  Privacy and Content Authenticity (i.e. Item&Submitter Link) - ??? CF 1
    •   certainty level by GA that U submitted item Z
    •   certainty level by U that anyone knows he submitted item Z
      •    certainty level by U that A knows he submitted item Z
      •    certainty level by U that GA knows he submitted item Z
      •    certainty level by U that U+ knows he submitted item Z
    •   certainty level by U that only U+ knows U submitted item Z
    •   certainty level by U that only GA knows U submitted item Z, but cannot publicly prove that U did it
    •   certainty level by U that only specific receiving U+'s know U submitted item Z, but cannot publicly prove that U did it
  •  Intrusion - !! CF 3
    •   Detection
    •   Prevention
    •   Damage Reparation
  •  Overarching Features
    •   Web data traffic security - ? CF 1
    •   Website spoofing - ? CF 3
    •   Unauthorized databases intrusion for reading, changing, adding deleting user and transactions data - ?? CF 3
    •   Code replacement/injection - ?? CF 3

Implementation


Deliverables


Risks


Progress log


Participants
Powered by Plone CMS, the Open Source Content Management System

This site conforms to the following standards: