Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[UC] Overview/Log of Resource Access (Behaviour) #84

Open
termontwouter opened this issue Jan 1, 2025 · 0 comments
Open

[UC] Overview/Log of Resource Access (Behaviour) #84

termontwouter opened this issue Jan 1, 2025 · 0 comments
Labels
triage Issues needing triage usecase LWS Use Case

Comments

@termontwouter
Copy link

termontwouter commented Jan 1, 2025
edited
Loading

As a Resource Owner/Controller,
I want to have an overview of who accessed which resource at which time,
So that I have an idea of the access activities and can change my policies accordingly if necessary.

Preconditions:

  • A Resource Owner/Controller can manage policies over some resources on an LWS-compatible resource server.
  • Resource Users interact with the RO/RC's Authorization Server and Resource Servers to access resources.
  • The Authorization Service has granted a certain access request (and the Resource User has accessed the resource).

Trigger:

The Resource Owner/Controller wants to check who had/has access to and/or accessed their resources (recently).

Actors:

  • [Primary] The Resource Owner/Controller (~ Data Holder/Supplier): an agent who has partial/delegated (controller) or ultimate (owner) control over policies concerning certain resources.

  • [Technical] The Resource Server (~ Data Provider): the LWS-compatible system that technically provides the resources.

  • [Technical] The Authorization Service: the access management system used by the RO/RC to protect their resources on the RS.

Distinction:

To ensure that their policies are correct, and no unintended RUs have gained access to their resources, RO/RCs should be able to check who had/has access to their data. This can be interesting both on the level of access requests (granted/denied), as on the level of concrete resource access.

Scenario:

  1. The RO/RC goes to their Authorization Service, and selects the 'Recent access' overview page.
  2. The Authorization Server lists all RUs that have been granted access (recently).

Alternative case(s):

  • For concrete access, this functionality should be implemented on the Resource Server side, rather than on by the Authorization Service.

  • Apart from just recent access, a log of the entire access history could be available for auditing purposes.

Error scenario:

  • Listing every granted/denied access request, and especially every concrete resource access, might become extremely verbose in an ever more automated, data-centered world (e.g., with IoT devices continuously reading/writing to the LWS).

  • An entire log might take too much space. An archiving function should help with that.

Acceptance Criteria:

  • RO/RCs can get an overview of who (recently) had/has access to and/or accessed their resources.
@termontwouter termontwouter added triage Issues needing triage usecase LWS Use Case labels Jan 1, 2025
@termontwouter termontwouter changed the title [UC] Overview/Log of Resource Access (Behaviour) <DRAFT> [UC] Overview/Log of Resource Access (Behaviour) Jan 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage Issues needing triage usecase LWS Use Case
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@termontwouter