Re: Proxy User Stories

A few more:

Khaled runs the gateway protecting the browsing of various VIPs. Those
VIPs have access to various top secret information, but are too important
to go through computer security refreshing courses. The gateway must
protect their systems from malware and other attacks. To make the malware
work more difficult it requires human authentication of web accesses, but
VIPs do not like the hassle of using different passwords and Khaled knows
most of them will reuse internal passwords on the gateway. To limit the
risks of APT Khaled needs the web client to clearly identify the gateway
auth prompt so an attacker cannot spoof it. Likewise, web-client to
gateway auth must be encrypted to avoid credential capture by agencies
managing temporary physical access to internal networks.

Lydia handles vast sums of money at work (trader, tax official handling
huge corporations/very rich persons, etc). After several high profile
cases of insider trading/corruption where citizens were asked to foot the
bill, enraged deputies voted laws that required monitoring of work
communications of people like Lydia to limit the risks of new occurrences.
Some of the persons Lydia needs to communicate with at work use Google
services. Lydia likes her well-paid job and needs a way to configure her
web clients to expose all her Google traffic to the monitoring system,
without MITM Google CAs leaking to the general public. Since she does not
want to be held responsible for the mistakes of her co-workers she wants
this traffic to be clearly authenticated.


-- 
Nicolas Mailhot

Received on Thursday, 12 December 2013 13:17:09 UTC