When considering any system, it’s sensible to get a firm grasp on how the system will be used. This clarifying exercise helps define the bigger picture and put everyone on the same page. Here’s a first stab at a “use case” for Sanctuary IdP. We’ll see how that may boil down to requirements for our system.
An individual arrives at our facility. She’s afraid her significant other has been gas lighting her, giving hints that her conversations have not been private as she thought. She needs a safe haven and people to talk to. She needs to know that she’s not losing her mind since it’s quite possible her phone and her laptop have been compromised. She needs a private phone line to communicate with her friends and perhaps a lawyer or police, and she needs access to a phone on site not previously attributed to her. She needs voicemail to retrieve missed messages when she returns to the safe phones. Text messaging may be important, even if only from the facility. She needs a separate email account right away that will persist through her ordeal, perhaps clean file storage for documents, and she needs a clean computer to use to access that account, at least while at the facility.
If in fact the technology she uses is targeted, then so may be the facility’s tech. It must be solid and secure to keep her, staff, and others, safe.
While our use case has threat and intrigue, when viewed dispassionately, the underlying basic technical requirements don’t seem to vary too much from those to set up a small-to-medium-sized business office. Differences may include the need for heightened security and perhaps a sensitivity to cost and the system’s physical footprint.
We’ll work through those soon. In the meantime, can we imagine other “use cases” — scenarios that we might want to address?