All computer systems need ways to identity the people who use them, limit/control their use, and ensure that community rules and expectations are honored.
Identity management describes how people identify themselves to applications and systems. Group management describes how people organize and name groups of individuals. Finally, Allocation management describes how a community authorizes and/or limits the use of community services by specific individuals or groups.
Allocation Management:
The use cases in this area describe ways a community manages access to its resources, including: project solicitations, proposal submissions, proposal reviews, and allocating resources to specific projects.
Research computers are powerful, but the demand to use them is larger than the capacity they offer. Access to these resources must be based on community priorities. The allocation system described in these use cases is used by the XSEDE system but is available to others as well. A central allocation system--one that researchers can use to request access to many resources--is important to ensure the easiest access by researchers.
Use Case ID | Title | Use Case Description |
---|---|---|
P2-01 | Establish an Allocations Process | |
P2-02 | Establish allocation review panel | |
P2-03 | Add resources to allocations process | |
P2-04 | Establish an allocation Submission Opportunity | |
P2-05 | Submission of Allocation Request | |
P2-06 | Manage review of Submissions to an Allocations Opportunity | |
P2-07 | Submission of a Review | |
P2-08 | Award or reject allocation request | |
P2-09 | Allocation data reporting and access | |
P2-10 | Customize allocation request data fields |
Group Management:
These use cases describe how individuals need to manage and use group definitions. In its simplest form, a group definition is a list of people that needs to be maintained and used for some ongoing purpose. Groups can be used to coordinate research teams (e.g., authorizing use of a resource), for communication (e.g., managing an email list), or for project management (e.g., task assignments).
Use Case ID | Title | Use Case Description |
---|---|---|
GRP-01 | Researcher manages membership of a project group | |
GRP-02 | Manually create a group | |
GRP-03 | Manually view or manage the configuration or membership of a group | |
GRP-05 | Invite members to a group | |
GRP-06 | Request membership in a group | |
GRP-09 | Synchronize an external group | |
GRP-10 | Automate a group's configuration | |
GRP-12 | Use groups to control access within a resource | |
GRP-14 | Use a group to control access within an application | |
GRP-15 | Use a group for task assignments within an application | |
GRP-16 | Use a group for email distribution | |
GRP-17 | Drive project membership with an email message |
Identity Management:
These use cases describe how researchers, scientists, and other community members register themselves with computer systems, prove their identities when using applications, and manage their identity data (user profiles).
Use Case ID | Title | Use Case Description |
---|---|---|
IDM-01 | Register with a community | |
IDM-02 | Login to a community’s user portal with a community username and password | |
IDM-03 | Change a community user profile | |
IDM-04 | Login to a community’s user portal with an identity from another organization | |
IDM-05 | Link or unlink an identity from another organization | |
IDM-06 | Login to a web application or science gateway with a community identity | |
IDM-07 | Login to a locally installed application with a community identity | |
IDM-08 | Login to a locally installed application with an SSH/X.509 key | |
IDM-11 | Use a community identity for InCommon authentication | |
IDM-12 | Single sign-on across community OpenStack resources | |
IDM-13 | Authenticate to a resource’s OpenStack API | |
IDM-14 | SSH access using a community identity for education | |
IDM-15 | Lookup affiliated institutions for a community identity | |
IDM-16 | Obtain affiliated institutions when an individual logs in to a service | |
IDM-17 | Obtain a high-assurance X.509 certificate |