I am trying to do my part 2 which is a reverse auction project. I just started to read the requirement. One question that came to my mind is how much detail. Like, in one case it says "authorized rep doing some action......" .nowhere else it is mentioned other than one use case. Now, can we include this authorization in assumption list and focus on other business details or we need to create some module in design explaining authentication and authorization?