cloudauthz message


Subject: Use Case Submission: Context Driven Entitlements


Submitter: Anil Saldhana, Red Hat Inc.
Version: 1

Use Case 1: Context Driven Entitlements

** Description/User Story **

In a Cloud Computing Environment, access decisions need to be made based
on the context. The context includes the subject, the resource, the action,
the environment and attributes of each of these. Access Decisions can be
made if entitlements or permissions the subject has can be obtained.

** Goal or Desired Outcome **

Entitlements or permissions of a subject during an access decision check can be
obtained from a repository or service.


** Categories Covered **

- Authorization.
- Account and Attribute Management. (Provisioning)
- Audit and Compliance.

** Applicable Deployment and Service Models **

- All Cloud Deployment Models (Private, Public, Community and Hybrid)
- All Service Models (SaaS, PaaS and IaaS)


** Actors **
- Cloud User.
- Cloud Resource.

** Notable Services **

- Cloud Authentication Service.
- Cloud Authorization Service.
- Cloud Entitlement Service.


** Dependencies **
N/A

** Assumptions **

- Entitlements or permissions for a subject are stored in a repository or can be obtained from an external service.

** Process Flow **
A Cloud User tries to access a Cloud Resource. The Cloud Authorization Service tries to determine if the Cloud User has access to the Cloud Resource. The Cloud Authorization Service needs the permissions or the entitlements the Cloud User has. It asks a Cloud Entitlement Service for the permissions or entitlements the Cloud User has for the particular Cloud Resource, for the particular action and the environment such as IP Address, DateTime etc. The Cloud Entitlement Service returns a set of permissions. The Cloud Authorization Service does the access check based on the entitlements.
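
The process flow above, sketched as an added example that is not part of the original submission: an authorization service asks an entitlement service for the actions a subject holds on a resource in the current environment, then denies by default. All class and function names, the sample repository, and the choice of source network and daily time window as environment conditions are assumptions made for illustration.

```python
# Added example; every name and the sample data below are hypothetical.
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Context:
    subject: str
    resource: str
    action: str
    source_ip: str   # environment attribute
    when: datetime   # environment attribute

@dataclass(frozen=True)
class Entitlement:
    subject: str
    resource: str
    actions: frozenset
    allowed_net: str  # CIDR the request must originate from
    start: time       # daily window in which the entitlement is valid
    end: time

# Constructed sample repository backing the entitlement service.
REPOSITORY = [
    Entitlement("alice", "vm-42", frozenset({"start", "stop"}),
                "10.0.0.0/8", time(8, 0), time(18, 0)),
    Entitlement("alice", "vm-42", frozenset({"read"}),
                "0.0.0.0/0", time(0, 0), time(23, 59, 59)),
]

def entitlement_service(ctx):
    """Cloud Entitlement Service: actions the subject holds in this context."""
    granted = set()
    for e in REPOSITORY:
        if (e.subject, e.resource) != (ctx.subject, ctx.resource):
            continue
        try:
            in_net = ip_address(ctx.source_ip) in ip_network(e.allowed_net)
        except ValueError:
            in_net = False  # a malformed address never satisfies a condition
        if in_net and e.start <= ctx.when.time() <= e.end:
            granted |= e.actions
    return granted

def authorization_service(ctx):
    """Cloud Authorization Service: deny unless an entitlement covers the action."""
    permitted = ctx.action in entitlement_service(ctx)
    # Audit record of the decision together with the context it was made in.
    print(f"audit decision={'Permit' if permitted else 'Deny'} {ctx}")
    return permitted
```

The same subject, resource and action yield different decisions as the environment attributes change, which is the point of resolving entitlements per request rather than caching a static role.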
