Subject: RE: [cloudauthz] Use Case Submission: Entitlement Catalog and Separation of Duties - 2 use cases
CloudAuthZ TC – BAC Use case v1.0
1.1 Use Case A: Entitlements Catalog
1.1.1 Description / User Story
An Entitlements Catalog should be available in a standard format so that entitlements could be portable from one service provider to another service provider should such a need arise. Entitlements should have a business meaning. The business meaning is based on Business Process Framework provided by business architects in a standard format.
1.1.2 Goal or Desired Outcome
Financial Company A leverages standards-based Entitlements Catalog to retrieve User Entitlements for additional analysis during Entitlement Assignment, Provisioning, Runtime Authorization, and Access Review IAM phases. Entitlements are both meaningful and portable from one service provider to another.
1.1.3 Notable Categorizations and Aspects
1.1.4 Process Flow
1
TBD
1.2 Use Case B: Separation of Duties
1.2.1 Description / User Story
Financial company A wishes to use Entitlement Assignment, Provisioning, Runtime Authorization, and Access Review service offerings from a cloud service provider. There is a strong need to know what entitlements conflict with each other from the standpoint of Separation of Duties. Since Entitlements have a business meaning based on Business Process Framework provided by business architects it is possible to design, implement, and access review simple Separation of Duties scenarios. To account for complex and dynamic runtime authorization scenarios an entitlement constraint policy language will have to be used.
1.2.2 Goal or Desired Outcome
Provide a solution to design, implement, and access review simple and complex Separation of Duties scenarios.
1.2.3 Notable Categorizations and Aspects
1.2.4 Process Flow
2
TBD
Radu Marian, MSCS, SCEA, CISSP
Bank of America - Charlotte, NC
VP, Architect 2, Enterprise Security Architecture
Business phone number: (704) 628-6874
An Enterprise without Ontology is like a country without a map.
From: cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org] On Behalf Of Marian, Radu
Please see attached
Radu Marian,
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.