directory-dev mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: [Tripesec] Drive by Use Case / Use Example?
Date Sun, 28 Oct 2007 08:25:53 GMT

On Oct 27, 2007, at 5:46 PM, Ole Ersoy wrote:

> Hey Guys,
>
> Seen tons of good material from both Alex and David so far, and I  
> think I'm getting what Triplesec is supposed to do in general.  I  
> wonder if it might help to state use cases / concrete examples?   
> Here's a quick example:
>
> Use Case / Use Example
> ---------------------------------------------------
> Allow user Joe read access to files below /home/commons/
> on host 192.168.1.64
> ---------------------------------------------------
>
> I think this would allow people on the list to say "Yeah - If I  
> could centrally store the rule that Joe should be allowed to read  
> everything under /home/commons on 192.168.1.64 that would be really  
> valuable."   Also people would be able to focus in on the example  
> and ask more questions about it, and each mail thread would be  
> focused on each use case.
>
> Then we could keep enumerating all the scenarios until everything  
> is covered like:
>
> Use Case
> ---------------------------------------------------
> Allow user Joe write access to files below /home/commons/only-joe/
> on host 192.168.1.64
> ---------------------------------------------------
>
> Use Case
> ---------------------------------------------------
> Allow user Apache read access to files below /var/www/html/
> on host 192.168.1.64
> ---------------------------------------------------
>
> (The above are the same use cases / examples.  I personally get the  
> "Aha!" feeling quicker with lots of examples with minor variations,  
> such as this one with the user being a human user in the first  
> case and a daemon in the second...).
>
>
> Use Case
> ---------------------------------------------------
> Create a Role JoeRole
> ---------------------------------------------------
>
> Use Case
> ---------------------------------------------------
> Assign User Joe to JoeRole
> ---------------------------------------------------
> etc
>
> These use cases could be put in separate threads so that  
> each could be discussed separately from everything else.  In this  
> last case, people might ask "How would I define Joe  
> Programmatically?", "Why would I assign Joe to JoeRole?" or "What if  
> I wanted to assign JoeRole to JoeDaddyRole?", "Who's your Daddy?",  
> etc.
>
> Anyways, just an idea.  I'm off vacation for seven days, so sorry  
> if I don't get a chance to respond right away, if anyone comments  
> on this.

This might be a good idea although I'm afraid of the number of use  
cases we will find.  I think the ones I'm most interested in (or at  
least the ones I can think of quickly) are:

1. I'm an app server, and we've authenticated the user.  The user is  
trying to access some part of an application.  Should I let them?

2. I'm a security admin, and we just hired Joe.  I need to enter his  
info into the system and make it so he has the permissions he needs  
to do his job, and no other permissions.

3. I'm a security admin, and we just got a new program.  I need to  
make it so the people who need to use the program have the  
permissions to do so, and no one else does.

4. I'm the administrator of a dynamic content application such as a  
portal, and we just added content.  I need to assign permissions so  
the people who need to see it can and no one else does.

5. I'm the Triplesec contractor, and I need to install Triplesec in  
this system with thousands of existing users, hundreds of  
applications, and thousands of permissions.  I need to set up  
Triplesec to work with the existing data.

Just as I'm scared of being able to understand a model spread across  
5 email threads, I'm scared of trying to understand use cases spread  
through many threads.  We'll see :-)

thanks
david jencks

>
> Cheers,
> - Ole
>
>
>
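
The file-access and role use cases quoted in this thread, modeled as an added example (not part of either message and not Triplesec's API): a centrally stored, default-deny policy with roles, role inheritance and a path check that survives `..` and look-alike directory names. The class names, `ApacheRole`, and reading "assign JoeRole to JoeDaddyRole" as JoeRole inheriting JoeDaddyRole's permissions are assumptions.

```python
# Added illustration; hypothetical model, not Triplesec's API.
from dataclasses import dataclass, field
from posixpath import normpath


@dataclass(frozen=True)
class Permission:
    host: str
    root: str    # grant applies to files below this directory
    action: str  # "read" or "write"

    def covers(self, host, path, action):
        if (host, action) != (self.host, self.action) or not path.startswith("/"):
            return False
        clean = normpath(path)  # lexical only: collapses "..", does not resolve symlinks
        # Compare on a component boundary so /home/commons-old does not match /home/commons.
        return clean.startswith(self.root.rstrip("/") + "/")


@dataclass
class PolicyStore:
    grants: dict = field(default_factory=dict)      # role -> set of Permission
    parents: dict = field(default_factory=dict)     # role -> roles it inherits from
    user_roles: dict = field(default_factory=dict)  # user -> directly assigned roles

    def grant(self, role, perm):
        self.grants.setdefault(role, set()).add(perm)

    def effective_roles(self, user):
        seen, stack = set(), list(self.user_roles.get(user, ()))
        while stack:  # the seen set keeps a cyclic role graph from looping forever
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.parents.get(role, ()))
        return seen

    def is_allowed(self, user, host, path, action):
        # Default deny: only an explicit matching grant returns True.
        return any(p.covers(host, path, action)
                   for role in self.effective_roles(user)
                   for p in self.grants.get(role, ()))


def build_example_store():
    """Constructed policy mirroring the use cases quoted in the thread."""
    s, host = PolicyStore(), "192.168.1.64"
    s.grant("JoeDaddyRole", Permission(host, "/home/commons/", "read"))
    s.grant("JoeRole", Permission(host, "/home/commons/only-joe/", "write"))
    s.grant("ApacheRole", Permission(host, "/var/www/html/", "read"))
    s.parents["JoeRole"] = {"JoeDaddyRole"}  # assumed meaning of "assign JoeRole to JoeDaddyRole"
    s.user_roles.update({"Joe": {"JoeRole"}, "Apache": {"ApacheRole"}})
    return s
```

The path check is purely lexical, so an enforcement point on the host still has to resolve symlinks before asking the store for a decision.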

