Sample-Use-Case

1. Use Case Template
Each use case is presented in the following normative template for ease of comparison:
 Description / User Story
 Goal or Desired Outcome
 Categories Covered
 Applicable Deployment and Service Models
 Actors
 Systems
 Notable Services
 Dependencies
 Assumptions
 Process Flow
1.1 Description / User Story
A general description of the use case, in consumer language, that highlights the compelling need
for one or more aspects of Identity Management while interacting with a cloud deployment model.
1.2 Goal or Desired Outcome
A general description of the intended outcome of the use case including any artifacts created.
1.3 Categories Covered
A listing of the Identity Management categories covered by the use case (as identified in section
XXX)
1.4 Applicable Deployment and Service Models
A listing of the cloud deployment and service models covered by the use case (as identified in
section XXX)
These categories include:
 Cloud Deployment Models
○ Private
○ Public
○ Community
○ Hybrid
 Service Models
○ Software-as-a-Service (SaaS)
○ Platform-as-a-Service (PaaS)
○ Infrastructure-as-a-Service (IaaS)
○ Other (e.g. other “as-a-Service” models)
1.5 Actors
A listing of the actors or roles that take part in the use case.
1.6 Systems
TBD
1.7 Notable Services
A listing of services (security or otherwise) that contribute to the identity management aspects of
the use case.
1.8 Dependencies
A listing of any dependencies the use case has as a precondition.
1.9 Assumptions
A listing of any assumptions made about the use case including its actors, services, environment,
etc.
1.10 Process Flow
A detailed stepwise flow of actions that comprise the use case.
2. Use Cases
2.1 Use Case 1: Application and Virtualization Security in the
Cloud
2.1.1 Description / User Story
A cloud computing environment has one or more virtual machines (images) running on a host
operating system on a server. Applications run inside these virtual machines (guest operating
systems); applications can also run directly on the host operating system. Identities can be
associated with each virtual machine, and with each application running on that server
(including applications inside the virtual machines).
The virtual machines on a single server can belong to different owners. Some identities
administer the virtual machines and other identities use the applications; the virtual machine
identities need not be the same as the application identities. Authentication and validation of
identities by the cloud infrastructure alone may not be sufficient for the owners of virtual
machines, who may need their own authority over the identities that access their machines.
2.1.2 Goal or Desired Outcome
Identities are separated by layer (host, virtual machine, application), and ownership of those
identities is not limited to the cloud provider: there can be one or more identity services (e.g.
Amazon owns one, the customer owns another).
Since a cloud server can host multiple virtual machines, and applications run on these guest
operating systems, it is important to manage the identities that exist in the host operating
system, in the virtual machines and in the applications. Additionally, it should be possible for
VM owners to do their own proofing of identities.
2.1.3 Notable Categorizations and Aspects
Categories Covered:
 Primary:
○ Infrastructure IdM
○ General Identity Management (IM)
 Secondary:
○ Account and Attribute Management
○ Federated Identity Management (FIM)
Actors:
 Server Administrator
 Virtual Machine Owner
 Virtual Machine Administrator
 Application Deployer
 Application User
Applicable Deployment and Service Models:
 Cloud Deployment Models
○ Private (F)
○ Public (F)
○ Community
○ Hybrid
 Service Models
○ Software-as-a-Service (SaaS) (S)
○ Platform-as-a-Service (PaaS) (F)
○ Infrastructure-as-a-Service (IaaS) (F)
Systems:
 None
Notable Services:
 Virtual Machines
 Hypervisors
 Host Operating System
 Cloud Identity Stores (transformation of identities)
Dependencies:
 None
Assumptions:
 Multiple virtual machines run on a single host operating system.
 Not all virtual machines running on a single host operating system are owned by a single
entity.
2.1.4 Process Flow
1 A Server Administrator (one type of identity) administers a server in the cloud. This identity
has privileges to administer the host operating system and its services.
2 A Virtual Machine Owner (an identity) or a Virtual Machine Administrator (an identity)
commissions a virtual machine to run on this server.
3 An Application Deployer (an identity) then deploys an application on that virtual machine.
4 An Application User (an identity) then makes use of this application.
5 The Server Administrator, Virtual Machine Owner, Virtual Machine Administrator, Application
Deployer and Application User identities are authenticated, validated or transformed against an
identity store or identity service that exists in the cloud. The store that is authoritative for an
identity need not be the cloud provider's: a VM owner may run its own.
6 The cloud identity system can transform a federated identity (one asserted by an external
identity service) into a local identity if needed.
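The following is an added example, not part of the use case document, that models the separation of identity authority described in the process flow above: a provider-owned identity service is authoritative for the host, the VM owner's own identity service is authoritative for the VM and its applications, and the cloud identity system transforms a federated identity into a local one only when the VM owner's service vouches for it. Every name, role string, key and password in it is constructed for illustration; the HMAC-signed assertion stands in for whatever federation token a real deployment would use.

```python
"""Model of per-layer identity authority for Use Case 1 (added example, constructed data)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Assertion:
    """A signed statement: `issuer` vouches that `subject` holds `role`."""
    issuer: str
    subject: str
    role: str
    mac: str  # HMAC-SHA256 over issuer|subject|role, keyed by the issuer


class IdentityService:
    """One identity store/service. Its owner holds the key and does its own proofing."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key
        self._users: dict[str, tuple[str, str]] = {}  # subject -> (password hash, role)

    def enroll(self, subject: str, password: str, role: str) -> None:
        self._users[subject] = (hashlib.sha256(password.encode()).hexdigest(), role)

    def _mac(self, subject: str, role: str) -> str:
        return hmac.new(self._key, f"{self.name}|{subject}|{role}".encode(), hashlib.sha256).hexdigest()

    def authenticate(self, subject: str, password: str) -> Optional[Assertion]:
        rec = self._users.get(subject)
        if rec is None or not hmac.compare_digest(rec[0], hashlib.sha256(password.encode()).hexdigest()):
            return None
        return Assertion(self.name, subject, rec[1], self._mac(subject, rec[1]))

    def verify(self, a: Assertion) -> bool:
        return a.issuer == self.name and hmac.compare_digest(a.mac, self._mac(a.subject, a.role))


class CloudIdentitySystem:
    """Cloud-side identity system: knows which service is authoritative for which scope."""

    # action -> (scope whose authority must vouch, role that authority must assert)
    POLICY = {
        "host:admin": ("host", "server_admin"),
        "vm:admin": ("vm", "vm_admin"),
        "app:deploy": ("vm", "app_deployer"),
        "app:use": ("vm", "app_user"),
    }

    def __init__(self, provider_service: IdentityService):
        self._provider = provider_service                       # authoritative for the host
        self._vm_owner_service: dict[str, IdentityService] = {}  # vm_id -> owner's service
        self._local: dict[tuple[str, str, str], str] = {}        # federated identity -> local id

    def commission_vm(self, vm_id: str, owner_service: IdentityService) -> None:
        """Step 2: the VM owner designates its own identity service for this VM."""
        self._vm_owner_service[vm_id] = owner_service

    def transform(self, vm_id: str, a: Assertion) -> Optional[str]:
        """Step 6: map a federated (issuer, subject) pair to a local identity for vm_id.
        Succeeds only if the issuer is the service the VM owner trusts and the MAC verifies."""
        svc = self._vm_owner_service.get(vm_id)
        if svc is None or not svc.verify(a):
            return None
        return self._local.setdefault((vm_id, a.issuer, a.subject), f"{vm_id}/{a.issuer}:{a.subject}")

    def authorize(self, action: str, a: Assertion, vm_id: Optional[str] = None) -> bool:
        """Step 5: an action is allowed only if the authority for its scope vouches for the role."""
        scope, role = self.POLICY[action]
        svc = self._provider if scope == "host" else self._vm_owner_service.get(vm_id or "")
        return svc is not None and svc.verify(a) and a.role == role


def run_scenario() -> dict[str, bool]:
    """Walk the process flow with two identity services and return what each check decides."""
    provider_ids = IdentityService("provider-idp", b"provider-secret")  # owned by the cloud provider
    customer_ids = IdentityService("customer-idp", b"customer-secret")  # owned by the VM owner
    provider_ids.enroll("alice", "pw-a", "server_admin")
    provider_ids.enroll("mallory", "pw-m", "vm_admin")  # provider-side account claiming vm_admin
    customer_ids.enroll("bob", "pw-b", "vm_admin")
    customer_ids.enroll("carol", "pw-c", "app_deployer")
    customer_ids.enroll("dave", "pw-d", "app_user")

    cloud = CloudIdentitySystem(provider_ids)
    cloud.commission_vm("vm-1", customer_ids)

    alice = provider_ids.authenticate("alice", "pw-a")
    mallory = provider_ids.authenticate("mallory", "pw-m")
    bob = customer_ids.authenticate("bob", "pw-b")
    carol = customer_ids.authenticate("carol", "pw-c")
    dave = customer_ids.authenticate("dave", "pw-d")
    forged = Assertion("customer-idp", "bob", "vm_admin", "00")  # claims the owner's issuer, bad MAC

    return {
        "server_admin_on_host": cloud.authorize("host:admin", alice),
        "vm_admin_on_vm": cloud.authorize("vm:admin", bob, "vm-1"),
        "deploy_on_vm": cloud.authorize("app:deploy", carol, "vm-1"),
        "use_on_vm": cloud.authorize("app:use", dave, "vm-1"),
        "provider_identity_on_owner_vm": cloud.authorize("vm:admin", mallory, "vm-1"),  # not sufficient
        "customer_identity_on_host": cloud.authorize("host:admin", bob),
        "federated_to_local": cloud.transform("vm-1", bob) == "vm-1/customer-idp:bob",
        "forged_assertion_rejected": cloud.transform("vm-1", forged) is None,
    }


if __name__ == "__main__":
    for check, result in run_scenario().items():
        print(f"{check}: {result}")
```

The point of the model is the two negative results: an identity that the cloud provider's service authenticated is rejected for administrative actions on a customer-owned VM, and a customer identity has no standing on the host. This is a policy model only; it says nothing about what a hypervisor operator can technically reach, which is a separate control.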