security design
Closed this issue · 0 comments
gsvarovsky commented
Design of security controls against the identified threats from #1.
integrity
- Integrity of information, so that it can only be written by identified and authorised actors. The design will consider fine-grained access control, for example to 'schema' metadata (the definitions of data correctness for a domain) and to the access control lists, which may be embedded in the domain data itself.
The expectation is that the solution will involve strong (cryptographic) binding of access control (however implemented) to user or system identities. In some cases data authority may not correctly be represented as an access control list, and so the design will allow for external authority models such as consensus and permissionless protocols.
- integrity design documentation in GitHub
traceability
- Traceability and non-repudiation of information is often mandated in regulated systems. This is
typically well addressed in blockchain-based systems but not directly in real-time collaborative data
structures. The design will consider how to record data operations with strong (cryptographic)
binding to user identities.
As promised in https://m-ld.org/doc/#security
Archived Google doc WIP