Application assets

The homeserver will have to perform all actions listed for the individual roles in the functional requirements section.

To fulfill these requirements, the homeserver will keep the following state (information assets in STRIDE terminology). Each piece of state is annotated by the actions involved in its lifecycle.

• Group state (for message delivery, including associated metadata such as group membership lists)
  • Create: Group creation
  • Read, Update: Message delivery (with inline MLS group management)
  • Delete: Group deletion
• KeyPackages for retrieval by clients
  • Create/Update/Delete: KeyPackage publishing (publication of new KeyPackages implies deletion of old ones)
  • Read/Delete: KeyPackage retrieval (reading implies deletion, except for KeyPackages of last resort)
• Authentication key material of users and their clients
  • Create/Update/Delete: Client management
  • Update: Account reset
  • Delete: Account deletion
  • Read: Client authentication
• User ids
  • Create: User registration
  • Update: Display name change
  • Read: User discovery
  • Delete: Account deletion

This section will be extended with more information assets as the specification is written.