1. Architecture overview
  2. Implementation and documentation
    1. Syslog clients
    2. Syslog accumulator
      1. Can TCP be used instead of UDP?
    3. Database schema
    4. Monitor
      1. Requirements
    5. Integration patterns
      1. "Step Down Assurance" (remove Silver, then remove Bronze, then perhaps force reset)
  3. Availability concerns
    1. Failure patterns and mitigations
  4. Related concerns / Best practices for credential stores
    1. Protection against password theft (vs guessing)
    2. "Backoff" procedures
    3. CAPTCHA
    4. IP address tracking
  5. Will this pass audit?
    1. Auditor-oriented White Paper