Changes between Version 22 and Version 23 of Internal/Rbac/OrbitRbacDesign/ThreatAnalysis


Timestamp:
Sep 20, 2006, 4:17:22 PM (18 years ago)
Author:
hedinger
Comment:

  • Internal/Rbac/OrbitRbacDesign/ThreatAnalysis

    v22 v23  
    4242 * the Principle of Least Privilege, and
    4343 * Timely Revocation of Trust?
     44
     45
     46This design assumes that user authentication will be handled separately from access control and will be reliable.  It also assumes that ORBIT users will protect their passwords and not intentionally loan them to others.  These two assumptions allow a person to be related to a user id.
     47
     48It is assumed that access control will not modify scheduling that is currently based on users not projects.
     49
     50It is assumed that access control will not need to interface with cost accounting.  It is assumed that any denial of access to overdrawn users will be enforced by user authentication.  If it is required to enforce project-level denial of access due to cost considerations it might be possible to enforce it when an already authorized user attempts to select that project or when he or she accesses an object with a cost associated with it.
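Review bot: The added paragraph at line 50 assigns denial of access for overdrawn users to user authentication, which is an authorization decision about a user who has already been identified. That sits awkwardly with line 46, which assumes authentication is handled separately from access control. Suggest stating which component holds the overdrawn state and what happens to a user who becomes overdrawn after authenticating, since a check made only at login would not meet the "Timely Revocation of Trust" goal listed at line 43. The project-level case is worded as "it might be possible to enforce it"; either commit to one of the two enforcement points named (project selection, or access to an object with a cost) or mark it as an open question so it is not read as a settled assumption. At line 46, the mapping of a person to a user id rests on users not loaning passwords; it would help to say that the design does not address the case where that assumption fails. Minor: "based on users not projects" at line 48 needs a comma after "users".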