[Use Case Patterns] Layered approach to define comprehensive, audience-specific use cases

[victorjunlu]

Reference: https://capec.mitre.org/about/glossary.html#Attack_Pattern

Threat modeling can be approached in layers. Considering these different perspectives ensures the threat model remains relevant for stakeholders, promoting completeness and highlighting that specific threat catalogs may align better with certain perspective. Similarly, when defining use cases, we can apply this layered thinking to create comprehensive, audience-specific use cases that generate interest in this initiative from all related parties.

To define use cases related to the identity of a person on the internet, particularly concerning whether they are alive or deceased, we can adopt a structured framework with three levels (Or two layers): Meta, Standard, and Detailed. This approach allows for a comprehensive understanding of the complexities surrounding digital identity while considering broader social implications. Following are just some examples:

1. Meta Use Cases
   Meta use cases address high-level concepts and the social impacts of digital identity management:

   Digital Identity and Social Responsibility: Examines the responsibilities of platforms in managing identities, especially regarding misinformation from AI-generated content and the ethical implications of deceased users' accounts.

   Legacy and Digital Continuity: Focuses on challenges families face in managing the digital assets of deceased individuals and the emotional effects of encountering their digital footprints.

   Accountability in Software Development: Investigates issues arising when software developers pass away, including project maintenance and legal complexities surrounding ownership.

   Regulation and Governance: Explores the need for policies that protect digital identities and govern the use of AI in content creation, ensuring responsible management of online presence.

2. Standard Use Cases

Standard use cases detail specific scenarios requiring identity verification:

Social Media Account Management: Outlines processes for verifying user status and memorializing accounts of deceased users.

Online Services Authentication: Details techniques for periodic identity verification to ensure that services are accessed by living individuals.

3. Detailed Use Cases

Detailed use cases provide in-depth descriptions of specific identity verification situations:

Memorialization Process on Facebook:
    Family members submit a request to memorialize an account, which is verified through documentation and allows friends to leave messages while restricting access.

Identity Verification for Banking Services:
    Banks send verification requests to users after inactivity, requiring confirmation through two-factor authentication to secure access.