OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Extracted ITML Session Management Use cases and requirements

Use Cases and Requirements

The following Use cases describe the interactions supported by this
specification.

1.a. Browser-based Single Sign-on to ecosystem
1.	A user logs on to Jamcracker.  
2.	The accesses a partner site that participates in the ITML session
management ecosystem.  The user is not prompted for an authentication
credential.  Authorization to resources is controlled by the partner.  This
use case may be described as centralized authentication and delegated
authorization.

1.b.Log-off
1.	A user has signed on to Jamcracker.  They can choose to log out of
the entire ecosystem from the Jamcracker portal.  They can also choose to
log out of a particular partner from the partner site

1.c. Time-Out
1.	A user has abandoned their interactions with the ecosystem.  The
virtual session must be purged from all machines participating in the
ecosystem and the session.

1.d.Traversal to multiple partner sites
1.	A user may travel from Jamcracker to site A and Site B.  It is
imperative that the most recent access time of the ecosystem be the relevant
access time for purposes of timeout of the echosystem.


Requirements
1.	The session information shall map easily to web sessions.
2.	The algorithm must be robust in the case of failure of a
communication path or node
3.	The algorithm must allow for Partners to not notify in the case of
session update
4.	The algorithm must allow for failure of Partners
5.	The algorithm must work with version 4.0 + web browsers and wireless
devices
6.	A user timed-out from an ASP should be able to re-access the ASP
without prompt for username/password.


Assumptions
A primary assumption has been made:

1. "Users tend to interact frequently within an ASP and infrequently
interact across multiple ASPs".  

This assumption allows the use of a conversation between Jamcracker and an
partner when for purposes of timing out and logging out. 

2.	There is a prior existing trust relationship between Jamcracker and
the partner.
3.	The Content of the session is defined separately, such as S2ML.
4.	Offline support is not required.
5.	It is required that Jamcracker be informed of accesses to partner
systems for the purposes of billing, anonymity is a bug not a feature.
6.	Authorization information exchange is not required.
7.	Access to an ASP before access to Jamcracker is not required.  That
is, there is no requirement for complex redirecting from ASP to JC back to
ASP if correctly logged on.  Microsoft Passport, Netegrity Siteminder, etc.
provide this functionality and we are loath to re-create it.  

Dave Orchard
XML Architect
Jamcracker Inc.,    19000 Homestead Dr., Cupertino, CA 95014
p: 408.864.5118     m: 604.908.8425    f: 408.725.4310

Named to Red Herring's list of 100 Most Important Companies:
www.redherring.com/mag/issue79/herring100/jamcracker.html

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC