Authorization Use Cases. Identity and Authorization Services Working Group (IAS-WG) April, 2010.
AuthZ Use Case - Web SSO via Web Access Management (WAM) System
Diagram: Principal: User/device; PEP: WAM plug-in; Target Resource: HTML or web app; Environment: Time/Location; PDP: WAM Server; PAP: WAM console; PIP: LDAP
Use case details – Web SSO via Web Access Management (WAM) System
AuthZ Use Case - Web SSO via SAML
Diagram: Principal: User/device; PEP: SAML-enabled Web app; Target Resource: HTML or web app; Environment: Time/Location; PDP: SAML server; PAP: LDAP & SAML consoles; PIP: LDAP
AuthZ Use Case – File access mediated by operating system (OS)
Diagram: Principal: User/device; PEP: OS; Target Resource: File; Environment: Time/Location; PDP: OS; PAP: OS utilities; PIP: OS
Use case details – File access mediated by operating system (OS)
AuthZ Use Case – remote network access to virtual private network (VPN)
Diagram: Principal: User/device; PEP: VPN; Target Resource: Network; Environment: Time/Location; PDP: RADIUS; PAP: RADIUS utilities; PIP: RADIUS DB
Use case details – remote network access to virtual private network (VPN)
AuthZ Use Case – Database access using local DB accounts
Diagram: Principal: User/device; PEP: DB; Target Resource: Rows, columns, or tables; Environment: Time/Location; PDP: DB; PIP: DB security tables; PAP: DB utilities
AuthZ Use Case – Database access via web application
Diagram: Principal: Web app/Service account; PEP: DB; Target Resource: Rows, columns, or tables; Environment: Time/Location; PDP: DB; PIP: DB security tables; PAP: DB utilities
Use case details – Database access using Database access via web application
AuthZ Use Case: Multi-channel access to financial service
Typical self-serve channels include online, ABM, IVR, Mobile
Diagram: Principal: Involved party/channel; PEP: Channel Credential Collector; Target Resource: Financial web Application or service; Environment: Channel type, Location; PDP: AuthZ Web Service; PIP / PAP: LDAP Policy Store Admin point
Use case details: Multi-channel access to financial service (2)