

Subject: RE: [cloudauthz] Use Case Submission: Entitlement Catalog and Separation of Duties - 2 use cases


CloudAuthZ TC – BAC Use case v1.0

1.1 Use Case A: Entitlements Catalog

1.1.1 Description / User Story

Financial company A wishes to use a service offering from a cloud service provider.  There is a strong need to know what entitlements User has during Entitlement Assignment, Provisioning, Runtime Authorization, and Access Review phases of IAM.

 

An Entitlements Catalog should be available in a standard format so that entitlements could be portable from one service provider to another service provider should such a need arise.

 

Entitlements should have a business meaning. The business meaning is based on Business Process Framework provided by business architects in a standard format.

1.1.2 Goal or Desired Outcome

Financial Company A leverages standards based Entitlements Catalog to retrieve User Entitlements for additional analysis during Entitlement Assignment, Provisioning, Runtime Authorization, and Access Review IAM phases.  Entitlements are both meaningful and portable from one service provider to another.

1.1.3 Notable Categorizations and Aspects

Categories Covered:

· Standard Entitlements Model
    - Entitlements Semantics
    - Entitlements Portability
· Entitlement Assignment
· User Provisioning
· Runtime Authorization
· Access Review

Applicable Deployment and Service Models:

· Cloud Deployment Models
    - Public
    - Private
· Service Models
    - Infrastructure-as-a-Service (IaaS)

Actors:

· Entitlements Manager
· Business Architect
· Access Reviewer
· User

Systems:

· Enterprise
· Cloud Service Provider
· Entitlement Model Repository

Notable Services:

· User Entitlement Management Services:
    - GetUserEntitlements – retrieve User entitlements.

Dependencies:

· Entitlements are grouped into Role(s)
· Roles are grouped into Profile(s)

Assumptions:

· Business Process Framework is provided as input to the Entitlements Model.

 

1.1.4 Process Flow

1. TBD

 


1.2 Use Case B: Separation of Duties

1.2.1 Description / User Story

Financial company A wishes to use Entitlement Assignment, Provisioning, Runtime Authorization, and Access Review service offerings from a cloud service provider. There is a strong need to know what entitlements conflict with each other from the standpoint of Separation of Duties.

 

Since Entitlements have a business meaning based on the Business Process Framework provided by business architects, it is possible to design, implement, and access review simple Separation of Duties scenarios.

 

To account for complex and dynamic runtime authorization scenarios, an entitlement constraint policy language will have to be used.

1.2.2 Goal or Desired Outcome

Provide a solution to design, implement, and access review simple and complex Separation of Duties scenarios.

1.2.3 Notable Categorizations and Aspects

Categories Covered:

· Entitlement Semantic Model
· Entitlement Assignment
· Runtime Authorization
· Access Review

Applicable Deployment and Service Models:

· Cloud Deployment Models
    - Public
    - Private
· Service Models
    - Infrastructure-as-a-Service (IaaS)

Actors:

· Business Architect
· Entitlements Designer
· Entitlements Manager
· Access Reviewer
· User

Systems:

· Enterprise
· Cloud Service Provider
· Entitlement Model Repository

Notable Services:

· User Entitlement Management Services:
    - GetUserEntitlements – retrieve User entitlements.
    - FindConflictingEntitlements – for a given number of entitlements, list conflicting entitlements.

Dependencies:

· Entitlements are grouped into Role(s)
· Roles are grouped into Profile(s)
· Entitlement conflicts are traced back to entitlement constraints assigned during design time.

Assumptions:

· Business Process Framework is provided as input to the Entitlements Model.

 

1.2.4 Process Flow

1. TBD

 

 

 

Radu Marian, MSCS, SCEA, CISSP

Bank of America - Charlotte, NC

VP, Architect 2, Enterprise Security Architecture

Business phone number: (704) 628-6874

an Enterprise without Ontology is like a country without a map.

 

From: cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org] On Behalf Of Marian, Radu
Sent: Monday, March 04, 2013 10:30 AM
To: cloudauthz@lists.oasis-open.org
Subject: [cloudauthz] Use Case Submission: Entitlement Catalog and Separation of Duties - 2 use cases

 

Please see attached

Radu Marian,


This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.


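As an added illustration of the two use cases in this message (example code, not part of the TC submission or any OASIS deliverable): a toy Python model of the Entitlements -> Roles -> Profiles grouping, the GetUserEntitlements and FindConflictingEntitlements services, and design-time Separation of Duties constraints that each detected conflict traces back to. All entitlement names, profile names, constraint ids and users are constructed sample data.

```python
"""Toy Entitlements Catalog with Separation of Duties (SoD) checking.

Added example for the two cloudauthz use cases; not part of the TC submission.
The model and the two service names follow the message; every identifier,
constraint id and user below is constructed sample data.
"""

# Catalog: entitlements are grouped into roles, roles into profiles.
ROLES = {
    "payments-initiator": {"payment:create", "payment:edit"},
    "payments-approver": {"payment:approve"},
    "ledger-reader": {"ledger:read"},
}
PROFILES = {
    "accounts-payable-clerk": {"payments-initiator", "ledger-reader"},
    "treasury-controller": {"payments-approver", "ledger-reader"},
}
# Design-time entitlement constraints: pairs one user must never hold together.
# Each carries an id so a detected conflict traces back to its constraint.
SOD_CONSTRAINTS = {
    "SOD-001": frozenset({"payment:create", "payment:approve"}),
    "SOD-002": frozenset({"payment:edit", "payment:approve"}),
}
USER_PROFILES = {"alice": {"accounts-payable-clerk"}, "bob": {"treasury-controller"}}


def entitlements_of_profiles(profiles) -> set[str]:
    """Flatten profiles -> roles -> entitlements (unknown names raise KeyError)."""
    roles = set().union(*(PROFILES[p] for p in profiles))
    return set().union(*(ROLES[r] for r in roles))

def get_user_entitlements(user: str) -> set[str]:
    """GetUserEntitlements: effective entitlements of a user (empty if unknown)."""
    return entitlements_of_profiles(USER_PROFILES.get(user, ()))

def find_conflicting_entitlements(entitlements: set[str]) -> dict[str, frozenset[str]]:
    """FindConflictingEntitlements: constraint id -> conflicting pair fully present."""
    return {cid: pair for cid, pair in SOD_CONSTRAINTS.items() if pair <= entitlements}

def check_assignment(user: str, new_profile: str) -> dict[str, frozenset[str]]:
    """Entitlement Assignment phase: conflicts the proposed profile would create."""
    proposed = get_user_entitlements(user) | entitlements_of_profiles([new_profile])
    return find_conflicting_entitlements(proposed)

def access_review() -> dict[str, dict[str, frozenset[str]]]:
    """Access Review phase: users whose current entitlements violate a constraint."""
    findings = {u: find_conflicting_entitlements(get_user_entitlements(u)) for u in USER_PROFILES}
    return {u: f for u, f in findings.items() if f}
```

The same check runs at assignment time (refuse the profile) and at review time (report existing violations), which is the point of tracing conflicts back to design-time constraints rather than to ad hoc runtime rules.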

