Trusted Audit is a typical requirement for use cases, where the activities of users are captured for later evaluation. One typical use case for which Trusted Audit and Alarms is important is called "Brake the Glass" where the user has unrestricted access to a Access Control protected Web Service otherwise. But for later evaluation that all actions taken are related to the claimed use case, Trusted Audit is activated.
The implementation of Trusted Audit is good example, where security functions for assuring Integrity, Confidentiality and Access Control need to play together to ensure the prevention of unauthorized modification or disclosure of the audit information.
Alarms is a security function that supports to trigger certain actions if conditions (often declared in a policy) are met. A typical use for Alarms is when an untrsuted (or anonymous) user is making critical requests; for example the user is requesting personal information.