security requirements

Chris Muller chris at funkyobjects.org
Tue Aug 9 02:13:17 UTC 2005


After a lot of reading and thinking a lot about security for Magma, some vague
ideas have formed in my head for requirements:

	#1  It should punish senders of bad, malformed or forged requests.
	#2  Byte and word buffers should be encrypted on disk in case the file-system
	    is compromised.
	#3  Messages should be secure across the public network full of nosey
	    wire-tappers.
	#4  Security within the object-model (for business applications - individual
	    object-access based on role hierarchy).

Are there any other requirements I should be considering?

Can secure sockets handle #3?  If not, encryption/decryption would burden the
program way up in the Smalltalk layer; not good.

I've given some thought to implementation for these but am mostly focused on #1
at this time.  I've posed an invitation for discussion about #1 on squeak-dev,
but what does anyone think of these other requirements?

 - Chris


