Enterprise to Cloud to End User Authentication Use Case
Title: Enterprise to Cloud to End User Authentication
Use Case Description: An enterprise is using the cloud to deliver data and services to the end user.
Use Case Category: Cloud Computing
Contributor: NIST Cloud Computing Use Cases
Use Case Details
Actors:
- Enterprise
- Cloud Provider
- End User
Goals: An enterprise is using the cloud to deliver data and services to the end user.
Assumptions: All parties (Enterprise, Cloud Vendor, and End User) have been issued credentials
in an Identity Ecosystem. The end user interacts with the enterprise, the enterprise
accesses the cloud to retrieve data and/or manipulate it, sending the results to
the end user. The end user can be someone within the enterprise or an external
customer. Access to the cloud service should not require a particular platform or
technology. An enterprise user is likely to have an identity with the enterprise.
Requirements:
Process Flow:
Success Scenario: The cloud service must authenticate the end user. The ideal is that the enterprise
user manages a single ID, with an infrastructure federating other identities that
might be required by cloud services. Cloud vendors provide an API for determining
the location of the physical hardware that delivers the cloud service. Enterprise
applications need to combine data from multiple cloud-based sources, and they need
to coordinate the activities of applications running in different clouds. Enterprises
must be able to manage the lifecycle of applications and documents. Management
of Virtual Machines and of cloud services such as storage, databases and message
queues is needed to track what services are used. Governance is crucial to ensure
that policies and government regulations are followed wherever cloud computing is
used.
Error Conditions: Depending on the kind of data the enterprise is managing on the user's behalf, there
might be legal restrictions on the location of the physical server where the data is
stored. Although this violates the cloud computing ideal that the user should not
have to know details of the physical infrastructure, this requirement is essential.
Writing custom code that works only for a particular vendor’s cloud service locks
the enterprise into that vendor’s system and eliminates some of the financial benefits
and flexibility that cloud computing provides. Discovery is a major issue for many
organizations. There are substantial legal liabilities if certain data is no longer
available.
Relationships
- Extended by:
- Extension of:
References and Citations