You are building a web-based portal to support a new online literary
exchange.  Writers can upload works.  Editors (employed by the
magazine) create issues out of uploaded works.  Customers may browse
and purchase either individual works or curated issues.  Customers may
either download e-reader versions of purchased works or access them on
the portal website.  Purchases and payments are made through PayPal; a
small percentage of each purchase goes to the portal and the rest goes
to the writer.

EXTENSION: Meet-the-Author sessions using VOIP

EXTENSION: Writers request reports, filtered by various criteria, of
who has been viewing, purchasing, and accessing their works.

EXTENSION: Move the library collection into the cloud

EXTENSION: Site gets bought out.  New owner adds DRM to the
documents. 

EXTENSION: Allow people to read a certain number of articles for
free.  Where does that affect the threat model? (should it?)