Realtime Collaboration Pattern

When to Use

Internal and external partners must share documents and work at the same time such as collaboration on business documents such as project map, strategy plan. Other pointers: Browser based interface; Business is information owner and takes decision who gets access to which information; Strong two factor authentication by using MTAN, or token (i.e. OTP, certificates).

When NOT to Use

Unable to distribute tokens.

Typical Challenges

Real-time Collaboration on business documents is not an ad-hoc solution; there are permanent user accounts in conjunction with access to dedicated storage place. The challenge will be the user provisioning, to ensure that a user account is bounded to a contract or agreement and will be maintained according to the user life cycle process.

Threat Resistance

The residual risk that will always stay is regarding the unmanaged Client of the external partner (data leakage). This risk varies depending whether it is a client of a trusted company or a client of a private person.
The following threats should be considered:

• Files can be stored by external users which are containing malicious code
• User gets to much permission or wrong folder access
• Versioning conflict if to many users working on the document during the same time

Assumptions

It is assumed that shared information will be confidential and so the communication channel and the storage place should therefore be encrypted. There is also a high technical requirement to the availability to the document which is the working target of the real-time collaboration on documents. An other aspect is capacity of the available storage, it has to be assumed that documents are growing during the period of collaboration till the document becomes the final status. Audit trails have to be available. Simple process for user provisioning available.