-
Notifications
You must be signed in to change notification settings - Fork 0
Collaborative Threat Modeling
Eric Fitzgerald edited this page Jan 26, 2026
·
3 revisions
Work with your team in real-time on threat models.
TMI supports real-time collaborative threat modeling, allowing multiple team members to work together simultaneously.
- Multiple users can edit the same threat model at once
- Changes appear immediately for all users
- WebSocket-based synchronization
- No need to refresh or manually save
- See who else is viewing/editing
- View collaborator cursors in diagrams
- See active users list
- Real-time change notifications
- Automatic conflict resolution
- Coordinated updates via WebSocket
- Redis-based synchronization
- Optimistic locking where needed
The collaboration dialog displays a list of all participants in the current session. Each participant row shows five columns of information:
| Column | Purpose | Details |
|---|---|---|
| User Type | Identifies host vs participant | Host shows co-present icon; participants show person icon. Tooltip displays localized role name. |
| Permissions | Shows edit access level | Writer shows edit icon; reader shows edit-off icon. Tooltip displays the permission level. |
| Username | Displays participant name | Shows the user's display name with email in tooltip for disambiguation. |
| Presenter | Presenter mode controls | Context-sensitive icon and controls based on user's presenter state. |
| Remove | Session management | Host can remove participants from the session. |
The presenter column displays different controls based on the user's role and presenter status:
For the Host:
- When presenter: Podium icon (active) with "Presenter" tooltip
- When not presenter: Podium icon (inactive) with no action
For Participants:
- Hand Down State: Shows "Person Raised Hand" icon; clicking sends a presenter request
- Hand Raised State: Shows "Person Raised Hand" icon in green; waiting for host approval
- Presenter State: Shows "Podium" icon indicating active presenter role
Host Controls for Participants:
- When a participant is presenter, the host sees a podium icon with close overlay to take back presenter privileges
- When a participant has a pending request, the host can approve or deny via context menu
Presenter state transitions are managed via WebSocket messages:
-
Requesting: Participant clicks hand icon -> sends
presenter_request-> transitions to hand raised state -
Approved: Host approves ->
change_presentermessage -> participant transitions to presenter state -
Denied: Host denies ->
presenter_deniedmessage -> participant returns to hand down state -
Revoked: Host takes back ->
change_presentermessage -> presenter returns to hand down state
| Role | Icon | Description |
|---|---|---|
| Host | Co-present icon | Session creator with full management permissions |
| Participant | Person icon | Session member with permissions based on threat model access |
| Presenter | Podium icon | Current presenter who can guide the session view |
- Open your threat model
- Click "Share" or "Manage Access"
- Add collaborators by email/username
- Set permission levels
- Send invitations
Owner:
- Full control over threat model
- Can delete threat model
- Can manage all permissions
- Can transfer ownership
Writer:
- Can edit all content
- Can add/modify diagrams, threats, notes
- Can add comments
- Cannot manage permissions or delete
Reader:
- View-only access
- Can view all content
- Can add comments
- Cannot edit
- Enter email address or username
- Select permission level
- Add optional message
- Send invitation
- Share threat model with team
- Join video/voice call
- Collaboratively edit diagrams
- Identify threats together
- Document decisions in notes
- Share threat model
- Team members review and add threats
- Use comments for discussion
- Owner reviews and consolidates
- Track changes over time
- Development team creates initial model
- Security team reviews as Reader
- Security adds threats and comments
- Development team addresses findings
- Iterate until approved
- Coordinate major changes
- Use comments for questions
- @mention team members
- Use external chat for complex discussions
- Assign sections to team members
- Use consistent naming conventions
- Document assumptions in notes
- Regular synchronization points
- Small, incremental changes
- Communicate before major edits
- Review others' changes
- Acknowledge contributions
- Select component, threat, or note
- Click "Add Comment"
- Write your comment
- @mention users to notify them
- Reply to comments
- Mark as resolved
- Track conversations
- Link to related items
- See recent changes
- Who made what changes
- When changes occurred
- Navigate to changed items
- Complete history
- User attribution
- Timestamps
- Change details
- New comments
- @mentions
- Major changes
- Permission changes
- Shared threat models
Configure in user settings:
- Email notifications
- In-app notifications
- Notification frequency
- Specific event types
The collaborative diagram editing system uses a server-authoritative architecture:
Starting a Session:
- User loads a diagram locally
- User initiates collaboration via the UI (REST API call to create session)
- Server creates the session and returns WebSocket URL
- Users with "owner" or "writer" roles can enable collaboration
Joining a Session:
- User navigates to available collaboration sessions (filtered by permissions)
- User selects a diagram to collaborate on
- Server sends complete diagram state via
diagram_state_syncmessage - Client initializes the diagram editor with synchronized state
Editing During Collaboration:
- User makes a change to the diagram
- Client sends
diagram_operationmessage to server via WebSocket - Server updates global state and broadcasts to all collaborating clients
- On conflict: Server sends
state_correctionmessage to resync clients
- Update Vector: Each diagram has a version number for conflict detection
- Server-Authoritative State: Server maintains canonical state
- Optimistic Updates: Changes applied locally, rolled back if rejected
- State Correction: Automatic resynchronization when conflicts detected
| Message Type | Direction | Purpose |
|---|---|---|
join_session |
Client -> Server | Join collaboration session |
leave_session |
Client -> Server | Leave collaboration session |
diagram_operation |
Bidirectional | Diagram change operations |
diagram_state_sync |
Server -> Client | Full state synchronization |
state_correction |
Server -> Client | Conflict resolution |
presenter_request |
Client -> Server | Request presenter role |
change_presenter |
Server -> Client | Presenter assignment change |
presenter_cursor |
Client -> Server | Cursor position for presenter |
The DFD editor uses AntV X6 (v2.x) for graph visualization with:
-
Event Tracking:
node:added,node:removed,edge:added,edge:removed, position/size changes -
History Management: Custom
AppHistoryServicefor collaborative undo/redo -
Remote Operations:
AppRemoteOperationHandlerServiceapplies incoming changes -
Presenter Cursors:
ui-presenter-cursor.service.tsfor cursor sharing
For detailed X6 API reference, see DFD Graphing Library Reference.
- Review Managing Threats
- Learn about Issue Tracker Integration
- Explore Using Notes and Documentation
- See Architecture and Design for system-wide architecture
- Using TMI for Threat Modeling
- Accessing TMI
- Creating Your First Threat Model
- Understanding the User Interface
- Working with Data Flow Diagrams
- Managing Threats
- Collaborative Threat Modeling
- Using Notes and Documentation
- Metadata and Extensions
- Planning Your Deployment
- Deploying TMI Server
- OCI Container Deployment
- Terraform Deployment
- Certificate Automation
- Deploying TMI Web Application
- Setting Up Authentication
- Database Setup
- Component Integration
- Post-Deployment
- Monitoring and Health
- Cloud Logging
- Database Operations
- Security Operations
- Performance and Scaling
- Maintenance Tasks