Actors

This page lists the actors (abstract people) involved in the processes of CAcert.org, and the things (use cases) they need to do.

Personas for Roles

We can also use placeholder names to reference the different actors in our search for functional requirements.

NRP / Nona / NYRP "nerp"

Members

Alice

Alice is the registered Member who agrees to the CCA and is part of the Community. Alice can do:

Things Alice doesn't get

Things that Alice isn't going to get on this system:

Assurer / Bob

Bob, an Assurer, can do everything Alice can do, and:

Things outside:

Organisations

An Organisation-as-Member has the following:

Org Admins

Org Assurers

Special and Powerful Roles on the Inside

Support Wing includes Arbitrators, Support Engineer, and Case Manager. Although all these people are Members, they are also "inside" the CA and are powerful in special ways.

Arbitrator

Justine is an experienced Assurer (so he can do everything Bob can do) who was appointed as Arbitrator for a given case.

Sometimes this one is known as Trent for the Trusted Third Party. However, this is normally expected to be the CA itself, so it is confusing. We should probably choose a persona to do resolution of disputes. RODney?

The Token system

The token system is an interface to request information from whoever has that information.

Arbitrator has no access to the account, just a cut&paste of the data.

Getting the info: has to get the information from somewhere; could be Support, could be one support person only. Pass authorisation to the person; cannot see it by self.

Principle:

Arbitrator can order anything ... but must not get access.
Tokens are open, all powerful:

Off-system:

The Arbitrator is presented with a decision to make (asked a question).

He needs:

Case Manager

Support / Stephan and Stephanie

Stephanie works for CAcert.org as Support Engineer.

Support has capability to do a lot of stuff. Support needs an authorisation for each action, called an Authorisation Token. Hence the Principle:

Every support action should be authorised by a token.

Perhaps call this an Action Authorising Token (AAT).

This follows from another Principle:

There is no direct database query access provided to anyone.
Support does the basic stuff.
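
The two principles above (every support action is authorised by a token, nobody gets direct database access) and the rule that the Arbitrator only receives a copy of the data can be modelled as below. This is an added sketch, not CAcert code: the HMAC token format, the single-use rule, the function names and the sample account are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data; stands in for the member database nobody queries directly.
_ACCOUNTS = {"alice@example.org": {"name": "Alice Example", "points": 50}}
_TOKEN_KEY = secrets.token_bytes(32)   # assumption: held by the token system only
_USED = set()                          # assumption: one token authorises one action
AUDIT_LOG = []                         # every support action, with the token that allowed it


def issue_token(case_id, action, target):
    """Arbitrator side: order one action on one target for one case."""
    body = {"id": secrets.token_hex(8), "case": case_id,
            "action": action, "target": target}
    raw = json.dumps(body, sort_keys=True).encode()
    mac = hmac.new(_TOKEN_KEY, raw, hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def _check(token, action, target):
    """Reject forged, mismatched or already-spent tokens."""
    raw = json.dumps(token["body"], sort_keys=True).encode()
    good = hmac.new(_TOKEN_KEY, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, token["mac"]):
        raise PermissionError("token not issued by the token system")
    body = token["body"]
    if (body["action"], body["target"]) != (action, target):
        raise PermissionError("token does not authorise this action")
    if body["id"] in _USED:
        raise PermissionError("token already used")
    _USED.add(body["id"])
    return body


def support_read_account(token, target):
    """Support side: the only path to the data, and it needs a token."""
    body = _check(token, "read_account", target)
    AUDIT_LOG.append((body["case"], body["id"], "read_account", target))
    # The Arbitrator receives a copy of the data, never account access.
    return dict(_ACCOUNTS[target])
```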

Sysadm - The Ultimate Override

The sysadm has to do the stuff that is too hard / emergencies. There is no defined method for this in the system. It is simply recorded here as the place where s**t gets cleaned up.

Miscellaneous

Statistics

There is a need for statistics on a group / person basis.