Use Case Term Norm. Excercise
resource deployment context> | <resource context> | <role context>
Actors
- Server Administrator
- Virtual Machine Owner
- Virtual Machine Administrator
- Application Deployer
- Application User
- Middleware Administrator (middleware container with middleware stack )
- Middleware Deployer
- Cloud Tenant Administrator
- Cloud Resource / SaaS Administrator (setting up of Tenant Administrator)
- Cloud Tenant Administrator
- Enterprise User
- Enterprise Identity Administrator
- Company A Employee
- Company A Manager
- Company A Controller
- Supplier (Company B)
- Users/Subscribers (#16 -
- Administrators(#16 – admin applications on enterprise or clouds)
- COI Data Managers (#16
- Registration Officers (#16
- Central HR Officials (#16
- Branch Office HR Officials (#16
- Cloud Based Application (CBA)
- External Identity Governance Application (IGA)
- Enterprise (?)
- Enterprise Employee
- Business Partner
- Customer
- Customer Employee
- Consumer
- Consumer Identity Provider
- Tenant Administrator
- Multi-tenant Service Provider
- Identity Provider (System or service?)
- Company Security Engineer
- Company Human Resource Manager
- Company Employee
- Company Security Auditor
- Company Compliance Officer
- Cloud vendor & their OEMs etc
- Government agency
- Government agency employee
- Government agency outsource provider/third party support org
- Users, Cloud Storage Provider, Identity Provider (#29)
- Financial (Mobile) Customer
- Enterprise administrators
- Service provider administrators
- Enterprise Administrators
- Cloud Provider (SaaS, PaaS, IaaS)
- SaaS Application
- End-user’s browser
- End-user
- Enterprise
- Cloud Provider
- Employee
- Auditor
- Receiver Entity: organization or person receiving a business document via a specified channel
- Receiver Admin User: if the Receiver Entity requires human approval of new trading partner setup requests, the user who is authorized to approve such requests.
- Sender Entity: organization or person sending a business document to a trading partner.
- Sender User: if a human initiates the sending of a business document, that person.
- Sender Admin User: if Sender Entity has a pre-existing account on the Receiver Commerce Cloud, the person who controls access to that account.
Notable Services
- Virtual Machines
- Hypervisors
- Host Operating System
- Cloud Identity Stores (transformation of identities, Directory Services, )
- Cloud Identity Services
- Cloud Applications
- Cloud Attribute Services
- Cloud Application Authentication Validation Service
- Cloud Application Access Control System Service
- Cloud Application Auditing Service
- Cloud Application Administration Service
- The remote API or requestable service point that facilitates the request/response protocol for the collection of the defined entitlement model,
- Cloud Application Federation Service
- Cloud Application Identity Mapping / Linking Service
- Cloud Application Authorization Service
- Cloud Audit Services
- SaaS Federation Service
- SaaS Application Identity Mapping / Linking Service
- Enterprise Identity Provider (IdP) (enterprise authentication system)
- Cloud Identity Provider (IdP) (token issuer)
- Cloud Service Provider (SP) (applications to validate and authenticate security tokens issued by Enterprise or Cloud-based IdPs)
- Kantara Identity Assurance Framework (IAF) or FederalBridge PKI/eAuthentication services (#16)
- PKI (#16 - certificate and encryption services)
- The remote API or requestable service point that facilitates the request/response protocol for the collection of the defined entitlement model,
- CRM Service
- Mail Service
- Cloud Applications and Services
- Cloud Identity Provider Services
- Cloud Attribute Services
- Identity Provider Discovery services
- Single Sign-On (SSO) – User Authentication to Public Cloud provides credentials needed to Manage/Access Cloud Storage Services.
- Access Control Services – Manage Roles and Security Policies
- Cloud Storage Services – Manage Cloud Content (e.g. Upload, Download, Delete, Tag, View, etc.) such as company videos and enforce company’s security policies.
- Cloud Applications and Services
- Either Cloud or off-cloud (centralized) Identity Provider Services
- Either Cloud or off-cloud (centralized) logon Services
- Cloud Access/Privilege Management Services
- Cloud Attribute Services
- Authorization Service
- Delegation Service
- Single Sign-On (SSO) – User Authentication to Cloud provides credentials needed to Manage/Access Cloud IaaS Services.
- Multi-factor authentication
- Access Control Services – Manage Roles and Security Policies (e.g. customer’s identification information)
- Cloud Provider Management Console
- OTP Server/Service
- PKI Certificate Enrollment & Validation Service.
- Identity Provider service
- Two-Factor Authentication (2FA) service
- SaaS applications
- Logging
- Asset Tracking
- SSO
- Endpoint Authentication
- Message Delivery Service:delivers a message of a specified type to a specified Receiver Entity.
- Entity Registry Provisioning Service:provisions a new Identity in an Entity Registry (e.g. for a Sender in a Receiver Commerce Cloud Entity Registry).
- Entity Registry Metadata Record Services: queries, creates or updates a Metadata Record for a particular service supported by an Entity in an Entity Registry/ Repository.
- Relationship Authorization Service: enables the submission of a request by a Sender Entity to be recognized as matching a certain record in the Receiver’s vendor/customer master table (which may or may not have been synchronized with the Receiver Commerce Cloud)
Systems
- Cloud Application Administration System
- Cloud Identity Store
- Cloud Authorization/Policy Store
- Cloud Auditing store
- SaaS Applications
- Identity Provider
- SRM System in Company A’s internal/corporate LAN
- CRM System in Company B’s internal/corporate LAN
- Company B’s online shop in the Public Cloud
- Company A’s BI System in the Public Cloud
- Central HR System (#16)
- Central Provisioning System (#16)
- Central Attributes System (#16)
- Branch Office HR Systems (#16)
- Branch Office Provisioning System (#16)
- Branch Office Attribute Systems (#16)
- Cloud Management Platform
- Cloud Asset Management Systems and CMBDs
- Sender Commerce Cloud: cloud service that sends all of a Sender Entity’s commerce transactions of a particular type to recipients (a) via certain sender-designated channels (e.g. email), but also (b) via receiver-designated electronic channels for Receiver Entities discovered to be compatible through querying an Entity Registry / Metadata Repository.
- Receiver Commerce Cloud: cloud service that receives and electronically processes transactions of a particular type on behalf of a Receiver Entity.
- Entity Registry: registry service allowing the retrieval of information about entities and the services they support, through pointers to Entity Metadata Repositories containing the relevant information. Such a Registry/Repository acts as a component of a Commerce Cloud.
- Entity Metadata Repository: contains Metadata Records about certain services supported by an Entity. Records for an Entity in a Repository may be managed either (a) by that Repository, or (b) by the Entity itself, via its own designated Repository. Records may be stored in one addressable source repository location, or may be cached, replicated or synchronized to other repositories.
- Intercloud Exchange: cloud broker or exchange service through which a set of subscribed Entities or Commerce Clouds become compatible with a set of entities larger than those supported directly by such Clouds’ other systems.
- Intercloud Gateway: the system component implemented by a Commerce Cloud through which it connects for sending or receiving with a certain set of compatible entities.
- Intercloud Root Entity Registry: a single root system with which certain compatible Entity Registries are synchronized, directly or indirectly.