STAR Scope

Notes

Identification

Security

Who are you?

What system are you talking to me from?

How do I identify the business role you are playing?

Are you an individual human or an automated system?

Authentication

Security

Can I prove you are who you say you are?

What technology will prove you are who you say you are?

Privacy/Confidentiality

Security

Are we the only ones who can read the business data?

Content Integrity

Reliability

Was the message received exactly as sent?

Non-Repudiation of originator

Auditing

Can I prove you sent me this exact message?

Non-Repudiation of receipt

Auditing

Can you prove that I received the message?

Non-Repudiation of content

Auditing

Can you prove that I received the message exactly as sent?

Trusted Timestamps

Auditing

Can we reliably prove when a message was sent or received?

Can we enable synchronization of system time?

Authorization

Future

Are you allowed to execute this business transaction?

Trust Models       

How do I go about authenticating you?

Do we need a 3rd party?

Do we have to assign each other credentials such as usernames and passwords or digital certificates?

Can we use federated systems to authenticate each other?

Attack Prevention                      

Future

Can someone easily impersonate our systems, messages or credentials? Can our architectures avoid misdirected or malicious attacks?