In general, a process on a mobile device may find itself in different contexts in which different inputs are available. Construction patterns are used to infer when this means data must be cached, as discussed in issue #109.
Fixes to address that issue don't quite cover all possible scenarios, some of which are spurious. Modelling error threats should be added to detect these situations and flag the need for changes to the system modeller user. One of the scenarios mentioned in issue #109 involves an interactive process that cannot access all necessary inputs in any context, and this can now be refined.
The new modelling errors represent situations that are inconsistent with the domain model assumptions:
Error 1: when an interactive Process has no context where it can be accessed by its user and it can access all necessary uncached inputs from services and deliver all uncached outputs to services.
Error 2: when a Process has a necessary input that cannot be accessed in any context.
Note that previously (in issue #109), Error 1 was not limited to uncached inputs. Error 2 may be unnecessary because if data cannot flow in any context, it is likely that no data flow would be generated.
These are difficult to implement, as they require threat patterns that match a condition not being met. They cannot be added as a change to address #109, so are hereby moved to a separate issue.
In general, a process on a mobile device may find itself in different contexts in which different inputs are available. Construction patterns are used to infer when this means data must be cached, as discussed in issue #109.
Fixes to address that issue don't quite cover all possible scenarios, some of which are spurious. Modelling error threats should be added to detect these situations and flag the need for changes to the system modeller user. One of the scenarios mentioned in issue #109 involves an interactive process that cannot access all necessary inputs in any context, and this can now be refined.
The new modelling errors represent situations that are inconsistent with the domain model assumptions:
Note that previously (in issue #109), Error 1 was not limited to uncached inputs. Error 2 may be unnecessary because if data cannot flow in any context, it is likely that no data flow would be generated.
These are difficult to implement, as they require threat patterns that match a condition not being met. They cannot be added as a change to address #109, so are hereby moved to a separate issue.