Team,
Thanks,
Jimmy Mohsin
Cell +1-609-635-1703
Security Specific Use Cases
(led by Jimmy Mohsin)
Per http://wiki.eclipse.org/Use_case_actors,
the Software Developer role is one of the two key kinds of actors in Eclipse
COSMOS, the other being Admin. The Monitor Administrator is an Admin who is
responsible for the installation, configuration, and operation of COSMOS. Given
this definition, the Monitor Administrator will configure COSMOS Security.
Traditionally, the Security Administrator owns Security; however,
per the Use Case Actors page referenced above, the role of Security Administrator
does not exist in COSMOS yet.
Related components/technologies/standards:
WS-Security
Use Case: Monitor Administrator creates / deletes a user with
Software Developer role
Actor: Monitor Administrator
Description:
1. Monitor Administrator gets a request and relevant details to create / delete a user with Software Developer role
2. Monitor Administrator accesses the relevant UI and fills in the data pertaining to the new user and assigns them the Software Developer role
3. Monitor Administrator notifies the Software Developer in regards to their credentials, in case of a new account creation
Enhancements: 209337 (i8) 205863 (i9)
Use Case: Monitor Administrator creates / deletes a user with Admin role
Actor: Monitor Administrator
Description:
1. Monitor Administrator gets a request and relevant details to create / delete a user with Admin role
2. Monitor Administrator accesses the relevant UI and fills in the data pertaining to the new user and assigns them the Admin role
3. Monitor Administrator notifies the Admin in regards to their credentials, in case of a new account creation
Enhancements: 209337 (i8) 205863 (i9)
Use Case: Monitor Administrator grants / revokes access to an MDR for a Software Developer role
Actor: Monitor Administrator
Description:
1. Monitor Administrator gets a request and relevant details to grant / revoke access to an MDR for a specified user
2. Monitor Administrator accesses the relevant UI and adds / removes access to the specified MDR for the user in question
3. Monitor Administrator notifies the user in regards to their updated MDR access
Enhancements: 209337 (i8) 205863 (i9)
Use Case: Admin or Software Developer changes password
Actor: Admin or Software Developer
Description:
1. User logs into their account
2. User navigates to the change password UI
3. User updates their password
Enhancements: 209337 (i8) 205863 (i9)
Use Case: Logout due to user inactivity
Actor: Admin or Software Developer
Description:
1. User logs into their account
2. User does not perform any activity for a specified duration [15 minutes ?]
3. User is automatically logged out to protect COSMOS from unauthorized access
Enhancements: 209337 (i8) 205863 (i9)
Use Case: Response to COSMOS Security breach
Actor: Unauthorized user or virus / malware
Description:
This is a KEY use case since we provide federation-enabling tools...
1. COSMOS security is breached via one of the following activities
   1. Unauthorized user access to COSMOS
   2. Virus detected on a COSMOS server (what about clients?)
   3. Malware detected on a COSMOS server (what about clients?)
2. Access to COSMOS is instantly shut down
3. All COSMOS Admins are notified
Enhancements: 209337 (i8) 205863 (i9)