Difference between revisions of "Security Usecases"

From Second Life Wiki
Jump to navigation Jump to search
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
===Use Case: <the name should be the goal as a short active verb phrase> ===
== Writing Usecases ==
These use case follow [http://alistair.cockburn.us/index.php/Basic_use_case_template Alistair Cockburn's template]. Note that there are several stages of usecase. If you want to grab a template for the early stage of a use case, you can get it [[Early Stage Usecase Template| here]]
 
== Firewall Realted Use Cases ==
 
===Use Case: Asset Security ===


'''Goal in Context:'''
'''Goal in Context:'''
   
   
<a longer statement of the goal, if needed>
Private assests owned by an avatar (identity) should not be identifiable or usable by any other avatars (identities) unless the avatar chooses to change the permission. Avatars should not lose control of these assets if they move to other regions.


'''Scope:'''
'''Scope:'''
   
   
<what system is being considered black-box under design>
Permisions on assests


'''Level:'''
'''Level:'''
   
   
<one of: Summary, Primary task, Subfunction>=
Primary Task


'''Primary Actor:'''
'''Primary Actor:'''
   
   
<a role name for the primary actor, or description>
avatar, asset, asset permission


'''Priority:'''
'''Priority:'''
   
   
<how critical to your system / organization>
Protecting personal assests and their value is a very high priority.


'''Frequency:'''
'''Frequency:'''
   
   
<how often it is expected to happen>
Expected to happen frequently (every session).


----
----
===Use Case: <the name should be the goal as a short active verb phrase> ===
 
===Use Case: Region Script Secruity ===


'''Goal in Context:'''
'''Goal in Context:'''
   
   
<a longer statement of the goal, if needed>
Regions should be able to control the execution of Scripts brought in by assets of avatars.  For example, a secure region inside a firewall should be able to prevent scripts in rez'ed assets from listening to chat or scanning for other avatars.  Basically, we need to prevent spying in secure regions.


'''Scope:'''
'''Scope:'''  
   
   
<what system is being considered black-box under design>
avatar operating inside a "secure" region


'''Level:'''
'''Level:'''
   
   
<one of: Summary, Primary task, Subfunction>=
Primary Task


'''Primary Actor:'''
'''Prrimary Actor:'''
   
   
<a role name for the primary actor, or description>
avatar inside a "secure" region such as behind a firewall.


'''Priority:'''
'''Priority:'''
   
   
<how critical to your system / organization>
This is a priority for private regions where it is important to prevent the uncontroled outward flow of information.


'''Frequency:'''
'''Frequency:'''
   
   
<how often it is expected to happen>
This is expected to be a key issue for organizations and corporations attempting to protect information.
----


----
===Use Case: Prevention of unauthorized Access ===
===Use Case: <the name should be the goal as a short active verb phrase> ===


'''Goal in Context:'''
'''Goal in Context:'''
   
   
<a longer statement of the goal, if needed>
A secure region should be able to prevent unauthorized avatars (identities) from accessing or viewing a region. It should not be possible to "fake" the identity of a valid avatar.


'''Scope:'''
'''Scope:'''
   
   
<what system is being considered black-box under design>
Avatar


'''Level:'''
'''Level:'''
   
   
<one of: Summary, Primary task, Subfunction>=
Primary task


'''Primary Actor:'''
'''Primary Actor:'''
   
   
<a role name for the primary actor, or description>
Avatar with invalid "identities" or faked "identities"


'''Priority:'''
'''Priority:'''
   
   
<how critical to your system / organization>
This is a key requirement for any non-public region.


'''Frequency:'''
'''Frequency :'''
   
   
<how often it is expected to happen>
This will occur with any non-public region.


----
----

Latest revision as of 13:43, 15 October 2007

Writing Usecases

These use case follow Alistair Cockburn's template. Note that there are several stages of usecase. If you want to grab a template for the early stage of a use case, you can get it here

Firewall Realted Use Cases

Use Case: Asset Security

Goal in Context:

Private assests owned by an avatar (identity) should not be identifiable or usable by any other avatars (identities) unless the avatar chooses to change the permission. Avatars should not lose control of these assets if they move to other regions.

Scope:

Permisions on assests

Level:

Primary Task

Primary Actor:

avatar, asset, asset permission

Priority:

Protecting personal assests and their value is a very high priority.

Frequency:

Expected to happen frequently (every session).

Use Case: Region Script Secruity

Goal in Context:

Regions should be able to control the execution of Scripts brought in by assets of avatars. For example, a secure region inside a firewall should be able to prevent scripts in rez'ed assets from listening to chat or scanning for other avatars. Basically, we need to prevent spying in secure regions.

Scope:

avatar operating inside a "secure" region

Level:

Primary Task

Prrimary Actor:

avatar inside a "secure" region such as behind a firewall.

Priority:

This is a priority for private regions where it is important to prevent the uncontroled outward flow of information.

Frequency:

This is expected to be a key issue for organizations and corporations attempting to protect information.

Use Case: Prevention of unauthorized Access

Goal in Context:

A secure region should be able to prevent unauthorized avatars (identities) from accessing or viewing a region. It should not be possible to "fake" the identity of a valid avatar.

Scope:

Avatar

Level:

Primary task

Primary Actor:

Avatar with invalid "identities" or faked "identities"

Priority:

This is a key requirement for any non-public region.

Frequency :

This will occur with any non-public region.

Retrieved from "https://wiki.secondlife.com/w/index.php?title=Security_Usecases&oldid=35806"