Gatekeeper daemon for a data resource.
User of the VO.
Gatekeeper knows what permissions User has on the given resource: permission to read/copy it, permission to alter it etc.
- User and Gatekeeper have authenticated User's identity.
- User's affiliations (see below) have been recorded and are accessible to Gatekeeper.
- Gatekeeper has been told which parties and groups have which authorities over the resource.
- User names the resource and the type of access required.
- Gatekeeper looks up User's list of affiliations (see description below).
- For each affiliation, plus User's individual identity, Gatekeeper looks to see if the desired access is allowed.
Gatekeeper has a yes/no answer as to whether the desired access is allowed.
User's identity is presented in some standard form that is meaningful to Gatekeeper.
Discussion:
Most of the rights over controlled resources accrue to users by affiliation, i.e. by membership of groups such as project teams. A few rights accrue by individual identity, e.g. sole ownership of the results of searches stored on the grid. Hence, Gatekeeper really needs a list of affiliations, and User's identity is just an intermediate step in finding this. The identity can be considered as an affiliation to a group consisting of just User.
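The steps above (look up User's affiliations, then check each affiliation plus User's own identity against the grants on the named resource) and the discussion's point that the identity is just a singleton group can be written out as a small check. This is an added illustration, not AstroGrid code and not the authorization sub-system's UML; the resource names, group names, user names and access types are all constructed for the example.

```python
"""Toy Gatekeeper authorization check (added example, not project code).

Rights over a resource are granted to principals, where a principal is
either a group (an affiliation) or an individual user identity. To decide
a request, Gatekeeper lists the User's affiliations, adds the identity
itself as a one-member group, and asks whether any of those principals
has been granted the requested access on the resource. Every name and
grant below is constructed for illustration.
"""
from dataclasses import dataclass, field

# Access types named in the use case ("read/copy" and "alter").
READ = "read"
ALTER = "alter"


@dataclass
class Gatekeeper:
    # resource -> principal -> set of permitted access types (constructed data)
    grants: dict = field(default_factory=dict)
    # authenticated identity -> set of group affiliations (constructed data)
    affiliations: dict = field(default_factory=dict)

    def grant(self, resource, principal, *accesses):
        """Record that `principal` (a group or a user) may perform `accesses` on `resource`."""
        self.grants.setdefault(resource, {}).setdefault(principal, set()).update(accesses)

    def principals_for(self, user):
        """Affiliations plus the identity itself, treated as a singleton group.

        The identity comes first so that an individually owned resource
        resolves even when no group data exists for the user.
        """
        return [user] + sorted(self.affiliations.get(user, ()))

    def is_allowed(self, user, resource, access):
        """Return True iff some principal of `user` is granted `access` on `resource`.

        Precondition (not checked here): `user` is an identity that User and
        Gatekeeper have already authenticated; this function trusts the name
        it is handed. Unknown users, unknown resources and unknown access
        types all yield False, so the check fails closed.
        """
        resource_grants = self.grants.get(resource, {})
        return any(access in resource_grants.get(p, ())
                   for p in self.principals_for(user))


def demo_gatekeeper():
    """Build a Gatekeeper populated with constructed affiliations and grants."""
    gk = Gatekeeper()
    gk.affiliations = {
        "alice": {"project-x"},
        "bob": {"project-x", "archive-ops"},
        "carol": set(),
    }
    # Group rights: a project team may read, the operators may also alter.
    gk.grant("catalogue/2002/sky.fits", "project-x", READ)
    gk.grant("catalogue/2002/sky.fits", "archive-ops", READ, ALTER)
    # Individual right: alice alone owns her stored search results.
    gk.grant("results/alice/search-17", "alice", READ, ALTER)
    return gk


if __name__ == "__main__":
    gk = demo_gatekeeper()
    for user, resource, access in [("alice", "catalogue/2002/sky.fits", ALTER),
                                   ("bob", "catalogue/2002/sky.fits", ALTER),
                                   ("bob", "results/alice/search-17", READ)]:
        print(user, access, resource, "->", gk.is_allowed(user, resource, access))
```

Two properties of this model are worth noting when the real sub-system is designed. First, the answer is a union of grants with no notion of an explicit deny, so adding a user to a group can only ever widen their access; if a "deny" is wanted later it has to be evaluated before the grants, not mixed in with them. Second, the check is only as good as the two inputs the preconditions promise: an authenticated identity and a trustworthy affiliation list. If either can be supplied by the caller rather than looked up by Gatekeeper, the yes/no answer means nothing.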
See the UML work for the authorization sub-system (when it finally appears).
GoodStyle: Please add comments below. This area should be used for refinement of the above document. If you want to ask questions or start a dialogue with the author, please use (or create) a topic in the Use Cases Forum.
Author: Once the refinements here and comments in the forum die down, perhaps you could rewrite the problem, incorporating the comments and refinements.
-- GuyRixon - 08 Feb 2002
Topic revision: r1 - 2002-02-08 - 18:31:39 - GuyRixon