Changes between Version 5 and Version 6 of T12_Security/ESG/LoginAttributeRequestAndAuthorizationPushAndPullModel


Timestamp:
08/09/08 12:17:46 (11 years ago)
Author:
pjkersha
Comment:

--

  • T12_Security/ESG/LoginAttributeRequestAndAuthorizationPushAndPullModel

    v5 v6  
    1616---- 
    1717 
    18 === User Registration for new Dataset (User attribute assignment) === 
    19  
    20 ==== Description ==== 
    21 This use case describes the browser based profile for a user to register to access a new dataset. 
    22  
    23 ==== Actors ==== 
    24  a. NCAR User i.e. user belongs to a member organisation of the ESG federation. 
    25  a. Client browser 
    26  a. NCAR IdP (Identity Provider or in the language of OpenID an 'OpenID Provider' where the NCAR user is registered) 
    27  a. NCAR user profile.  A set of information about the NCAR user held by the NCAR IdP.  This could be for example a database record. 
    28  a. BADC site serving secured dataset datasetA. 
    29  a. BADC Attribute Service responsible for access attribute assignment.  This site: 
    30    * hosts an attribute request form where users can register, agree to terms and be allocated the attribute attributeA to enable them to access datasetA; 
    31    * has a service which a site hosting datasetA data can invoke to find out if a given user is registered for attributeA 
    32  
    33 ==== Assumptions ==== 
    34  * Use case for browser based access 
    35  * user is not logged in to NCAR site 
    36  * user doesn't have authorization for datasetA access 
    37  * control to datasetA is governed by an attribute called attributeA. 
    38  
    39 ==== Triggers ==== 
    40 A user requires access to datasetA from the BADC site. 
    41  
    42 ==== Outcome ==== 
    43 User is granted access rights to secured datasetA data from BADC site. 
    44  
    45 ==== Normal Course ==== 
    46  1. The BADC site redirects the user's browser to the authorization request form hosted at the BADC. 
    47  1. The user completes details, agrees to the terms of a usage policy, submits and awaits a response. 
    48  1. The details from the form are submitted to the BADC Attribute Service. 
    49  1. The user is approved for access to datasetA.  (This may an immediate decision or it may require submission to an approval panel). 
    50  1. When approved, the Attribute Service creates a user profile for this user containing attributeA. 
    51  1. If approval is immediate, the BADC can redirect the NCAR user to the page for datasetA download. 
    52  1. If approval requires submission to an approval panel, then the BADC site lets the user know that this is the case and that they will be informed of a decision by e-mail (or other means). 
    53  
    54 ---- 
    5518 
    5619=== Login and Authorization (using push and pull model for user attribute handling) === 
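Review bot: removing the User Registration section from v5 lines 18-54 leaves the page opening with "Login and Authorization (using push and pull model for user attribute handling)", so a reader now reaches the use case that ends with the PEP granting access before the use case that explains how attributeA is assigned. Add a one-line pointer at the top of the Login and Authorization section saying that attribute assignment is covered by the User Registration use case further down, so the dependency between the two is still explicit after the move.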
     
    10164 1. The PEP grants access to the data. 
    10265 1. Download of datasetA commences for the NCAR user. 
     66 
     67 
     68=== User Registration for new Dataset (User attribute assignment) === 
     69 
     70==== Description ==== 
     71This use case describes the browser based profile for a user to register to access a new dataset. 
     72 
     73==== Actors ==== 
     74 a. NCAR User i.e. user belongs to a member organisation of the ESG federation. 
     75 a. Client browser 
     76 a. NCAR IdP (Identity Provider or in the language of OpenID an 'OpenID Provider' where the NCAR user is registered) 
     77 a. NCAR user profile.  A set of information about the NCAR user held by the NCAR IdP.  This could be for example a database record. 
     78 a. BADC site serving secured dataset datasetA. 
     79 a. BADC Attribute Service responsible for access attribute assignment.  This site: 
     80   * hosts an attribute request form where users can register, agree to terms and be allocated the attribute attributeA to enable them to access datasetA; 
     81   * has a service which a site hosting datasetA data can invoke to find out if a given user is registered for attributeA 
     82 
     83==== Assumptions ==== 
     84 * Use case for browser based access 
     85 * user is not logged in to NCAR site 
     86 * user doesn't have authorization for datasetA access 
     87 * control to datasetA is governed by an attribute called attributeA. 
     88 
     89==== Triggers ==== 
     90A user requires access to datasetA from the BADC site. 
     91 
     92==== Outcome ==== 
     93User is granted access rights to secured datasetA data from BADC site. 
     94 
     95==== Normal Course ==== 
     96 1. The BADC site redirects the user's browser to the authorization request form hosted at the BADC. 
     97 1. The user completes details, agrees to the terms of a usage policy, submits and awaits a response. 
     98 1. The details from the form are submitted to the BADC Attribute Service. 
     99 1. The user is approved for access to datasetA.  (This may an immediate decision or it may require submission to an approval panel). 
     100 1. When approved, the Attribute Service creates a user profile for this user containing attributeA. 
     101 1. If approval is immediate, the BADC can redirect the NCAR user to the page for datasetA download. 
     102 1. If approval requires submission to an approval panel, then the BADC site lets the user know that this is the case and that they will be informed of a decision by e-mail (or other means). 
     103 
     104----
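Review bot: the Normal Course at v6 lines 96-100 has no authentication step even though the Assumptions at line 85 state "user is not logged in to NCAR site", so the profile created at line 100 "for this user" is not tied to any identity asserted by the NCAR IdP listed under Actors. Add a step before the form submission in which the browser is redirected to the NCAR IdP and the BADC receives the authenticated identifier, and say at line 81 which callers may invoke the "is registered for attributeA" service. Two smaller points carried over by the move: "This may an immediate decision" at line 99 is missing "be", and the section starts at line 68 without the "----" separator that closes it at line 104.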