
id-cloud message



Subject: Rackspace use case impersonation


1.0   Rackspace use cases for OASIS TC IDCLoud

1.1   Use Case ##: Impersonation

1.1.1          Description/User Story

Customers of the cloud provider may require a cloud provider to supply support in a way that impersonates the identity of the customer without sacrificing security. One instance is when a support representative needs to troubleshoot issues that are only seen by the rights and roles given to the end-user.

1.1.2          Goal or Desired Outcome

Standards exist to handle the auditing, security, and functionality of impersonating customer identities.

1.1.3          Notable Categorizations and Aspects

Categories Covered:

·     Primary

  Infrastructure Identity Establishment

·     Secondary

  Audit and Compliance

Featured Deployment and Service Models:

·     Deployment Models

  None Featured

·     Service Models

  None Featured

Actors:

·     Cloud Provider support technician

·     Cloud provider customer

Systems:

·     Cloud Provider Identity Mgmt. System, helps manage resources such as:

o  Cloud customer identity stores

o  Cloud support identity stores

Notable Services:

o    Cloud Identity Provider Services

Dependencies:

·     Standards based configuration template (for provisioning identities)

Assumptions:

·     Customer approves in a legal fashion that support may act on-behalf-of their customer identity for support purposes.

 

1.1.4          Process Flow

1.       A cloud provider customer calls the cloud provider support desk with an issue that needs troubleshooting.

2.       Cloud provider support determines that troubleshooting requires the technician to act on-behalf-of the customer.

3.       Cloud provider support technician logs into a support application using their support identity.

4.       Cloud provider support locates the customer in the system and activates an impersonation operation.

5.       Logging & auditing capture cloud provider support actions as they perform actions as the customer identity in the cloud.

 

 

 


Attachment: Rackspace use case for OASIS TC IDCLoud.doc
Description: Rackspace use case for OASIS TC IDCLoud.doc
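
The process flow in the message above, sketched as an added example; it is not part of the original message and is not Rackspace or OASIS code. Assumptions: the consent table, the session time limit, the hash-chained audit log and every identifier here are hypothetical and constructed for illustration.

```python
import hashlib, json, time
from dataclasses import dataclass, field

# Constructed sample data: which customers approved on-behalf-of support (the page's assumption).
CONSENT = {"cust-1001": True, "cust-1002": False}

def _digest(prev, fields):
    return hashlib.sha256((prev + json.dumps(fields, sort_keys=True)).encode()).hexdigest()

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def append(self, **fields):
        # Hash chaining (an assumption, not from the page) makes later edits detectable.
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({**fields, "hash": _digest(prev, fields)})

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["hash"] != _digest(prev, body):
                return False
            prev = e["hash"]
        return True

@dataclass
class ImpersonationSession:
    actor: str      # support identity the technician logged in with (step 3)
    subject: str    # customer identity being acted for (step 4)
    ticket: str     # support case that justifies the session
    expires: float  # hypothetical time limit; the page does not specify one

def start_impersonation(log, actor, subject, ticket, ttl=900, now=None):
    now = time.time() if now is None else now
    if not CONSENT.get(subject, False):
        log.append(ts=now, event="impersonation_denied", actor=actor, subject=subject, ticket=ticket)
        raise PermissionError("customer has not approved on-behalf-of access")
    log.append(ts=now, event="impersonation_start", actor=actor, subject=subject, ticket=ticket)
    return ImpersonationSession(actor, subject, ticket, now + ttl)

def act_as_customer(log, s, action, now=None):
    now = time.time() if now is None else now
    if now > s.expires:
        log.append(ts=now, event="impersonation_expired", actor=s.actor, subject=s.subject, ticket=s.ticket)
        raise PermissionError("impersonation session expired")
    # Step 5: authorize as the customer, but record the technician as the real actor.
    log.append(ts=now, event="action", actor=s.actor, subject=s.subject, ticket=s.ticket, action=action)
    return s.subject
```

Every audit entry carries both the support identity and the customer identity, so a reviewer can tell technician actions from the customer's own.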


