
cloudauthz message



Subject: Use-Case/Business-Case Integration


Hi,

 

I wanted to suggest that we keep some sort of unified format for collecting reference use-case/business cases so that we can understand the use-cases better and compare/analyze similar/repetitive/alternative use-cases more easily. Particularly, I think having a simple user story or application scenario (alongside tracing them to the higher-level business artifacts) helps the comprehensibility.

 

I have read the ones posted by Mike and Radu but they are at very different levels of detail and I am having a hard time understanding how some of the very general requirements mentioned in Radu’s document will be translated to actual user stories/requirements. I also have a few use-cases in mind to suggest but I want to make sure how they are compared with the existing ones and whether they are genuinely new use-cases.

 

Regards,

Mohammad Jafari

Security Architect, Edmond Scientific Company

 

From: cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org] On Behalf Of Anil Saldhana
Sent: Monday, February 11, 2013 7:54 AM
To: cloudauthz@lists.oasis-open.org
Subject: Re: [cloudauthz] RE: Oasis CloudAuthZ Entitlements Model Informal Work Session

 

On 02/09/2013 01:30 PM, Mike Poulin wrote:

Dear Colleagues,

I am thankful to Radu for conducting and leading this Working Group but I have a few comments on the procedure aspects.

It is an *informal* session that Radu wants to hold to discuss some work he has done and some thoughts on entitlement model he has. At this time, it is Radu's model.  It does not have any immediate bearing on CloudAuthZ. When there is enough refinement work done on Radu's model and TC consensus exists on Radu's model held via official TC meetings and ballots, it becomes TC work. During our regular TC meetings when we hold a discussion on Radu's model, it is official TC work.



1. I think that we all have equal rights and our comments are not for the presenter's acceptance or not but for the protocol. If it is difficult to lead the discussion and make notes simultaneously (which it is), I can recommend what we do in another OASIS TC - we make an audio-record of the entire session and upload it into the TC's area on OASIS' Site. For example, I disagreed with Radu about relationships of Role and Task but this is not recorded in the Session's 'protocol'.

All TC members have equal rights. Nobody is denying your rights, Mike. :)


2. I think that further evolution of the diagrams represented by Radu does not meet our real need. Particularly, one diagram reflects non-described relationships of non-defined entities while another diagram depicts a process of development of Entitlement System. I believe that it is too early to talk about the development process, if it is reasonable at all, because I am not sure that the TC is going to standardise it. At the same time, I believe that it is time to start to WRITE DEFINITIONS of the entities presented in Radu's diagram. He knows what he means and is kindly ready to explain this but I do not want to ask him again and again to do this. I prefer to read it and be sure that all members agree with a particular definition. Entitlement ontology is a great and serious part of Authorisation for Clouds; just a diagram does not define or explain anything, it just illustrates. But to understand this illustration EVERYONE has to know what is illustrated even in the absence of Radu.

Radu should have a writeup on what his model elements are. At this time, he has put together a diagram. I am sure he will be adding some details about his model.



I'd like to have a TC decision on this matter (regardless of my presence in the meeting).




3. A question to our Chair - why have we started with the Entitlement ontology (this is how Radu explained his diagram finally but after my confused suggestions) instead of working on justifiable and comprehensive discovery and definition of what differences Authorisation in Clouds has from regular Authorisation in an enterprise? Why did we create this TC? I believe that only answers to these questions will allow us to form a particular view on the Entitlement solution and its ontology.

Informal sessions on an objective of the charter - define entitlements and develop details for various cloud models, is not a bad thing irrespective of timing. :)


There are a lot of attempts to pin existing enterprise authorisation solutions to Cloud and nobody is interested in any standardisation in this area. We have to demonstrate and defend our demonstration of the _technical_, _economic_ and _political_ need for a standard for Cloud authorisation; this is our primary task, not an entitlement itself.

4. I still have no feedback to my TC post of business cases for authorisation. Nobody even sent me a message saying how these business cases differ from use-cases that everybody talked initially...  I think that the TC leadership has to be a bit more demanding.

OASIS work is a voluntary effort. Everybody has their jobs and we get tons of emails everyday. The more demanding TC leadership becomes, volunteer work will just wither away. <poof/>   The TC is in early days of operation. The ship will steady to a nice rhythm in the next few weeks.



Thank you,
- Michael Poulin

 

 

----- Original Message -----

From: Marian, Radu

Sent: 02/08/13 09:34 PM

To: 'Kenneth Stavinoha (kestavin)', Anil Saldhana (Anil.Saldhana@redhat.com), 'David Chadwick', 'Chris Hyzer', 'Mark Lambiase', Barbir, Abbie, Mike Poulin (mpoulin@usa.com), Frick, Cynthia, Mark Lambiase

Subject: [cloudauthz] RE: Oasis CloudAuthZ Entitlements Model Informal Work Session

 

Dear Colleagues,

 

We’ve held our first informal entitlements modeling session this Wednesday February 6th at 11am.  Here are the minutes:

 

1.    Mike Poulin has joined the informal modeling session.

2.    Radu went over the following artifacts:

a.     Proposed CloudAuthZ Business Drivers to Use Cases.doc

b.    Proposed Oasis CloudAuthZ Entitlements Model

3.    Mike had quite a few probing questions to understand the overall principles and intent of the model and made the following suggestions:

c.     Rename "Resource" to "Business Resource"

d.    Rename “Resource” to “[adjective-tbd] Policy”

4.    Ken (or Chris?) has made the following suggestion:

e.    Add a hierarchical relation to Action – similar to resource.  The goal is to have admin action inherit all privileges from its child pages (read, add, change, delete).

 

P.S.  The next modeling session is on February 20th at 11am.  I will also update the meeting invite body to reflect the time – David thank you for your suggestion.

 

Best regards,

Radu Marian

an Enterprise without Ontology is like a country without a map.

 

 

-----Original Appointment-----
From: Marian, Radu
Sent: Monday, February 04, 2013 12:22 PM
To: Marian, Radu; 'Kenneth Stavinoha (kestavin)'; Anil Saldhana (Anil.Saldhana@redhat.com); 'David Chadwick'; 'Chris Hyzer'; 'Mark Lambiase'; Barbir, Abbie; Mike Poulin (mpoulin@usa.com); Frick, Cynthia
Cc: Mark Lambiase
Subject: Oasis CloudAuthZ Entitlements Model Informal Work Session
When: Wednesday, February 06, 2013 11:00 AM-12:00 PM (GMT-05:00) Eastern Time (US & Canada).
Where: webex

 

 

This is an informal work session around proposed Oasis CloudAuthZ Entitlements Model

 

 

 


 

 

 

 


