Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Access Control Use Cases"
| Line 21: | Line 21: | ||
British Airways administrators can: | British Airways administrators can: | ||
* update all attributes except "customer" attributes | * update all attributes except "customer" attributes | ||
| + | |||
| + | == Find privileged user == | ||
| + | * Use a key to uniquely lookup a user in the backing store as a sufficiently privileged user and then use the authorization characteristics of that user for all subsequent requests. | ||
== See Also == | == See Also == | ||
Revision as of 02:03, 9 May 2008
This page is a collection point for IdAS access control use cases. It is really just fodder for discussion for the "access control work area" that we're starting up (now that 1.0 is out)...
We need to collect a set of representative use cases and see just how powerful a mechanism is needed in Higgins. If we move beyond just a few simple use cases, we'll likely just want to start looking at profiling XACML.
Contents
HR directory
Each person listed in the directory can:
- update selected attributes of their own entry (Node)
- see/read all attributes of their own entry
Authorized members of the HR department can:
- edit all attributes of every entry
- see/read all attributes of their own entry(role=HR-mgr)
Doc Searl's "Vendor Relationship Management"
Each customer of British Airways can:
- update selected attributes of their Node (e.g. email address)
- see/read selected attributes of their own entry
British Airways administrators can:
- update all attributes except "customer" attributes
Find privileged user
- Use a key to uniquely lookup a user in the backing store as a sufficiently privileged user and then use the authorization characteristics of that user for all subsequent requests.