Enterprise to Cloud to End User Authentication Use Case

From IDESG Wiki

Title: Enterprise to Cloud to End User Authentication


Use Case Description: An enterprise is using the cloud to deliver data and services to the end user.


Use Case Category: Cloud Computing


Contributor: NIST Cloud Computing Use Cases


Use Case Details

Actors:

  • Enterprise
  • Cloud Provider
  • End User


Goals: An enterprise is using the cloud to deliver data and services to the end user.


Assumptions: All parties (Enterprise, Cloud Vendor, and End User) have been issued credentials in an Identity Ecosystem. The end user interacts with the enterprise; the enterprise accesses the cloud to retrieve and/or manipulate data, then sends the results to the end user. The end user can be someone within the enterprise or an external customer. Access to the cloud service should not require a particular platform or technology. An enterprise user is likely to have an identity with the enterprise.


Requirements:


Process Flow:


Success Scenario: The cloud service must authenticate the end user. The ideal is that the enterprise user manages a single ID, with an infrastructure federating other identities that might be required by cloud services. Cloud vendors provide an API for determining the location of the physical hardware that delivers the cloud service. Enterprise applications need to combine data from multiple cloud-based sources, and they need to coordinate the activities of applications running in different clouds. Enterprises must be able to manage the lifecycle of applications and documents. Management of Virtual Machines and of cloud services such as storage, databases and message queues is needed to track what services are used. Governance is crucial to ensure that policies and government regulations are followed wherever cloud computing is used.


Error Conditions: Depending on the kind of data the enterprise is managing on the user's behalf, there might be legal restrictions on the location of the physical server where the data is stored. Although this violates the cloud computing ideal that the user should not have to know details of the physical infrastructure, this requirement is essential. Writing custom code that works only for a particular vendor’s cloud service locks the enterprise into that vendor’s system and eliminates some of the financial benefits and flexibility that cloud computing provides. Discovery is a major issue for many organizations. There are substantial legal liabilities if certain data is no longer available.


Relationships

  • Extended by:
  • Extension of:

References and Citations