Use Case 15 - Account Management

Revisions

View document revision history.

Goal

Edit a user account. This includes creating, deleting, editing

User Account Management - Create new user account on Identity Provider (also edit, delete, …).

Summary

Perform basic account management operations. This process can be quite complex depending on the identity provider in use and the security policies that need to be addressed.

The use case and interaction presented here assumes a simplistic operation that relies only upon email verification for the new account creation. A more sophisticated interaction might include administrative approval of the new account, selection of an identity provider to use, and assignment of roles based on the level of approval and the nature of the selected identity provider (i.e. trustworthiness of identity provider).

Actors

  • New User

  • Administrator

  • Identity provider

  • Coordinating Node

Preconditions

  • System is operational and policy is in place to accept new users.

Triggers

  • A new user account is requested.

Post Conditions

  • New account is created (if accepted)

  • Access control rules for new account are specified

  • Account information is replicated across CNs

../../_images/098b293e2bea4a710c80d3e3eb3658ef2dcb6ac0fa55da05d2e1c1f0f0e7f70c.svg

Figure 1. Interactions for use case 15.

Notes

  • By default, accounts have no real privileges. To get higher privileges, users may have to jump through more hoops (such as verifying their association with a project/institution)

  • Presumably, if we are using external identity providers this user account management functionality isn’t provided by the CN. Right? (PEA)

This material is based upon work supported by the National Science Foundation under Grant Numbers 083094 and 1430508.

Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.