PWNISMS-Threat-Model-Structured/examples/sample_scenario.md

Example scenario (excerpt)

Use a full system description in markdown: components, data flows, users, compliance, and trust boundaries. The model responds with a single JSON object (no code fences) matching threat_model_schema.json.

This file is illustrative; replace with your own scenario text.

Sample title

A minimal API service that issues OAuth tokens to internal services behind mTLS.

Application Information

• REST API on AWS Lambda behind API Gateway
• Tokens signed with an AWS KMS key; rotation weekly
• Audit logs to CloudWatch

Users

• Internal service principals only (no public internet clients)

Compliance

• SOC 2