[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Things to do - Requirement Document
Hi, Here are some thoughts on security requirements: 1. Each voter should be authenticated. 2. Each voter should be authorized 3. Voters should be able to verify that their vote is registered 4. There should be no linkage between the voter and a vote. i.e. the votes themselves should be anonymous (Question : Should we also allow optional linkage ? May be in many circumstances, we do want to know who voted for what.) 5. There should be no indirect voter to vote linkage. i.e. this relation shouldn't be derivable based on some other factors (for example by correlating time in a log or a location or a serial number or other similar pieces of information) (Note : This is true even when we allow direct linkage. The point is direct linkage if allowed would be the ONLY way to link a voter with a vote) 6. Each vote could have some location information like a county or similar geographic location. This is used for statistical purposes 7. Transmission of results and other voting related information should be secured 8. Transmission of voting should be secured 9. Security should be the first priority for voting and related systems 10. The system should be able to generate, handle and deliver time locked information 11. The system should be able to handle policies which could be different at different locations - physical or logical 12. The policy admin privileges should be secures and policy changes should be logged 13. The various systems should have logging and auditing facilities - many of them capable of forming permanent and unalterable records with non-repudiation capabilities built-in 14. The logging and audit trails should not violate other requirements like the anonymous voting. 15. The system should be able to catch security in-consistencies for known voting models. i.e. the security policies of known voting models should be pre-programmed and should not be altered cheers |-----Original Message----- |From: Krishna Sankar [mailto:ksankar@cisco.com] |Sent: Tuesday, June 12, 2001 6:37 PM |To: election-services@lists.oasis-open.org |Subject: Things to do - Requirement Document | | |Hi all, | | This is a concise document which will have the |requirements. Sections would |include general, security, interfaces, presentation, ... We would base this |document for developing the specifications. The goal is to develop a |specification which reflects the requirements. | | We need an owner for this document as well. I can take a |first cut at this. | | Please send me your ideas, suggestions, what you want to |see as a part of |the specifications,... | |cheers | | |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC