
cloudauthz message



Subject: [cloudauthz] Use Case Submission: Entitlement Catalog and Separation of Duties - 2 use cases - ASCII


CloudAuthZ TC - BAC Use case v1.0
1.1 Use Case A:  Entitlements Catalog
1.1.1 Description / User Story
Financial company A wishes to use a service offering from a cloud service provider.  There is a strong need to know what entitlements a User has during the Entitlement Assignment, Provisioning, Runtime Authorization, and Access Review phases of IAM.

An Entitlements Catalog should be available in a standard format so that entitlements could be portable from one service provider to another service provider should such a need arise.

Entitlements should have a business meaning. The business meaning is based on the Business Process Framework provided by business architects in a standard format.
1.1.2 Goal or Desired Outcome
Financial Company A leverages a standards-based Entitlements Catalog to retrieve User Entitlements for additional analysis during the Entitlement Assignment, Provisioning, Runtime Authorization, and Access Review IAM phases.  Entitlements are both meaningful and portable from one service provider to another.
1.1.3 Notable Categorizations and Aspects
Categories Covered:
•	Standard Entitlements Model
	○	Entitlements Semantics
	○	Entitlements Portability
•	Entitlement Assignment
•	User Provisioning
•	Runtime Authorization
•	Access Review

Applicable Deployment and Service Models:
•	Cloud Deployment Models
	○	Public
	○	Private
•	Service Models
	○	Infrastructure-as-a-Service (IaaS)

Actors:
•	Entitlements Manager
•	Business Architect
•	Access Reviewer
•	User

Systems:
•	Enterprise
•	Cloud Service Provider
•	Entitlement Model Repository

Notable Services:
•	User Entitlement Management Services:
	○	GetUserEntitlements - retrieve User entitlements.

Dependencies:
•	Entitlements are grouped into Role(s)
•	Roles are grouped into Profile(s)

Assumptions:
•	Business Process Framework is provided as input to the Entitlements Model.

1.1.4 Process Flow
1	TBD 

 
1.2 Use Case B:  Separation of Duties
1.2.1 Description / User Story
Financial company A wishes to use Entitlement Assignment, Provisioning, Runtime Authorization, and Access Review service offerings from a cloud service provider.  There is a strong need to know what entitlements conflict with each other from the standpoint of Separation of Duties.

Since Entitlements have a business meaning based on the Business Process Framework provided by business architects, it is possible to design, implement, and access review simple Separation of Duties scenarios.

To account for complex and dynamic runtime authorization scenarios, an entitlement constraint policy language will have to be used.
1.2.2 Goal or Desired Outcome
Provide a solution to design, implement, and access review simple and complex Separation of Duties scenarios.

1.2.3 Notable Categorizations and Aspects

Categories Covered:
•	Entitlement Semantic Model
•	Entitlement Assignment
•	Runtime Authorization
•	Access Review

Applicable Deployment and Service Models:
•	Cloud Deployment Models
	○	Public
	○	Private
•	Service Models
	○	Infrastructure-as-a-Service (IaaS)

Actors:
•	Business Architect
•	Entitlements Designer
•	Entitlements Manager
•	Access Reviewer
•	User

Systems:
•	Enterprise
•	Cloud Service Provider
•	Entitlement Model Repository

Notable Services:
•	User Entitlement Management Services:
	○	GetUserEntitlements - retrieve User entitlements.
	○	FindConflictingEntitlements - for a given number of entitlements list conflicting entitlements

Dependencies:
•	Entitlements are grouped into Role(s)
•	Roles are grouped into Profile(s)
•	Entitlement conflicts are traced back to entitlement constraints assigned during design time.

Assumptions:
•	Business Process Framework is provided as input to the Entitlements Model.

1.2.4 Process Flow
2	TBD 

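The following sketch is an added example, not part of the original submission or of any OASIS specification. It models the two services named in Use Case B over a profile -> role -> entitlement hierarchy and reports each conflict with the design-time constraint that caused it. All identifiers, sample data and the pairwise constraint format are assumptions, and only the simple static case is covered, not the constraint policy language the message calls for.

```python
# Added illustration: every name and value here is constructed sample data.
CATALOG = {  # entitlement id -> business meaning
    "ent:create-payment": "Create payment instruction",
    "ent:approve-payment": "Approve payment instruction",
    "ent:view-ledger": "View general ledger",
    "ent:reconcile-ledger": "Reconcile general ledger",
}
ROLES = {  # entitlements are grouped into roles
    "PaymentClerk": {"ent:create-payment", "ent:view-ledger"},
    "PaymentApprover": {"ent:approve-payment", "ent:view-ledger"},
    "Reconciler": {"ent:reconcile-ledger"},
}
PROFILES = {  # roles are grouped into profiles
    "TreasuryOps": {"PaymentClerk", "Reconciler"},
    "TreasurySupervisor": {"PaymentApprover"},
}
USER_PROFILES = {"alice": {"TreasuryOps"},
                 "bob": {"TreasuryOps", "TreasurySupervisor"}}
SOD_CONSTRAINTS = {  # design-time constraint id -> mutually exclusive pair
    "SOD-001": frozenset({"ent:create-payment", "ent:approve-payment"}),
    "SOD-002": frozenset({"ent:approve-payment", "ent:reconcile-ledger"}),
}

def get_user_entitlements(user):
    """Flatten the hierarchy; keep (profile, role) paths for access review."""
    granted = {}
    for profile in sorted(USER_PROFILES.get(user, ())):
        for role in sorted(PROFILES[profile]):
            for ent in sorted(ROLES[role]):
                if ent not in CATALOG:  # a role must not grant uncatalogued rights
                    raise KeyError(f"{role} grants uncatalogued {ent}")
                granted.setdefault(ent, []).append((profile, role))
    return granted

def find_conflicting_entitlements(entitlements):
    """Return (constraint_id, ent_a, ent_b) for every constraint fully held."""
    held = set(entitlements)
    return [(cid, *sorted(pair))
            for cid, pair in sorted(SOD_CONSTRAINTS.items()) if pair <= held]

def conflicts_if_assigned(user, profile):
    """Assignment-time check: conflicts a new profile would introduce."""
    current = set(get_user_entitlements(user))
    added = {e for role in PROFILES[profile] for e in ROLES[role]}
    before = set(find_conflicting_entitlements(current))
    after = find_conflicting_entitlements(current | added)
    return [c for c in after if c not in before]
```

The same conflict function serves the Access Review phase (run over `get_user_entitlements`) and the Entitlement Assignment phase (run through `conflicts_if_assigned` before the grant is made).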

