WEB-ISO Scenarios (straw man draft) draft-internet2-webiso-scenarios-01.txt Scott Fullerton Date: Dec 11, 2001 Here is a draft of some scenarios for your delectation. I have taken a stab at how to phase support for these where phase 1 would be the near term deliverable and phase 2 would be those things that we put off until later so as not to distract us from a quick deployment. WEB-ISO Scenarios (straw man draft) 2.1 Multiple secured web applications: 2.1.1 (Phase 1) A staff member attempts access to her benefits information and then checks her web-based calendar, both in the same security domain. 2.1.2 (Phase 1) User at kiosk machine. A student at the union wants to use web-based email and calendar systems at a commonly used, public access machine. He trusts that by performing a self-evident sequence of steps or ones in which he has been sufficiently trained the next person using the machine will not be able to have access to his account. 2.1.3 (Phase 2?) Selective logout A student is engaged in sessions with two different applications, calendaring, and student records. She wishes to log out of student records but continue with calendaring. 2.2 (Phase 1) Portal acting as middle tier mediates access to secured applications A student uses The MyQuad portal, which in turn accesses and presents tuition balances and current enrollment information. 2.3 (Phase ?) Applications requiring differing levels of authentication. A doctor who is on faculty at a university checks his on-line calendar and then checks his on-line patient information system. The latter application has a more rigorous authentication requirement. 2.4 (Phase 1) Shibboleth, multi-realm use The origin site contracts with Information Provider B to obtain access to B's services for the law students at site A, and they have set up Shibboleth to support this. The law student at site A attempts to access information from Provider B. 2.5 (Phase 2?) Applications in different dns domains sharing the same security domain. Applications at UFooExtension.edu serve the same population as UFoo.edu. A user accesses the on-line calendar application (mycal.UFoo.edu) and then registers for an advanced polka course at Funevents.UFooExtension.edu.