OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cloudauthz message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Use Case Submission: Context Driven Entitlements

Submitter: Anil Saldhana, Red Hat Inc.
Version: 1

Use Case 1: Context Driven Entitlements

** Description/User Story **

In a Cloud Computing Environment, access decisions need to be made based
on the context. The context includes the subject, the resource, the action
, the environment and attributes of each of these. Access Decisions can be
made if entitlements or permissions the subject has, can be obtained.

** Goal or Desired Outcome **

Entitlements or permissions of a subject during an access decision check can be
obtained from a repository or service.

** Categories Covered **

- Authorization.
- Account and Attribute Management. (Provisioning)
- Audit and Compliance.

** Applicable Deployment and Service Models **

- All Cloud Deployment Models (Private, Public, Community and Hybrid)
- All Service Models (SaaS, Paas and Iaas)

** Actors **
- Cloud User.
- Cloud Resource.

** Notable Services **

- Cloud Authentication Service.
- Cloud Authorization Service.
- Cloud Entitlement Service.

** Dependencies **

** Assumptions **

- Entitlements or permissions for a subject are stored in a repository or can be obtained from an external service.

** Process Flow **
A Cloud User tries to access a Cloud Resource. The Cloud Authorization Service tries to determine if the Cloud User has access to the Cloud Resource. The Cloud Authorization Service needs the permissions or the entitlements the Cloud User has. It asks a Cloud Entitlement Service for the permissions or entitlements the Cloud User has for the particular Cloud Resource, for the particular action and the environment such as IP Address, DateTime etc. The Cloud Entitlement Service returns a set of permissions. The Cloud Authorization Service does the access check based on the entitlements.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]