[Openid-specs-authzen] Some use case thoughts / ideas
Thomas Darimont
thomas.darimont at oidf.org
Tue Jun 18 13:38:59 UTC 2024
Hallo Patrick,
Thank you for the comprehensive collection of authorization use cases.
In addition, I'd like to propose to add the following "analytics" use cases with corresponding variants:
UC1:
To analyze a security incident, as an auditor, I would like to know if a specific user U_0 was allowed
to perform action A_0 on a resource R_0 in the period T_0-T_1.
UC2:
As an auditor in a collaborative security incident analysis, I would like to know if a set of users (based on attributes)
could perform action A_0 on resource R_0 during the time period T_0-T_1.
The use-case of looking in the past is helpful for post mortem analysis of security incidents.
However, a look into the future could also be helpful to answer if a user will be able to access a resource at some point in the future,
e.g. to detect missing permissions earlier OR to ensure that some access is not possible yet.
Would this time restriction be part of the "context" then, or is the temporal aspect of authorization analytics a separate topic?
<That's my first post to this list, but I've been following this for some time.>
Kind regards,
Thomas
________________________________
From: Openid-specs-authzen <openid-specs-authzen-bounces at lists.openid.net> on behalf of Parker, Patrick via Openid-specs-authzen <openid-specs-authzen at lists.openid.net>
Sent: Tuesday, June 18, 2024 2:20 PM
To: openid-specs-authzen at lists.openid.net <openid-specs-authzen at lists.openid.net>
Cc: Parker, Patrick <Patrick.Parker at empowerid.com>
Subject: [Openid-specs-authzen] Some use case thoughts / ideas
Hello!
Just jotted down my thoughts on use cases that we encounter.
Patrick
[signature_889433285] <https://t.sidekickopen86.com/s3t/c/5/f18dQhb0S7lC8dV48SW2NKxGn2B9nMJW7t5XYg7fsVlgVfD3xb3M2sp8W1p7ZwM56dzdBf4wYgkl02?te=W3R5hFj4cm2zwW41PG051N3z6SW3M1YQr41TRgPW45TRgW3K2B2XW43Tw8Z4hMntNW43SfLS43T4N9W4hLywB3R5hFjW4cbjZB1mp7wVW1SbFK63ZTPLHW3K78b11JxwY5W1mp7yn1TXlG4W3v9D4C4fM9GVW1V6-PK2B0CncW3SZ8dc3SYMh5W45Np_T1-WQMmW3_m1SR4cjfj1W1SbD5m1Sby3hW1SbDmQ23glQgW3BLGqV3ZC_6xW384KXJ3b2tpNW4pkhPl2qGZ-1W2KHLqn1ZfLj3W21jJdb3ZW0SsW2vzB0q1Vc_G5W45qFDm45qdrfW2RlcJv4tvnKlW1Xx4wp3XZvmjW1mpz0-3JzGX2W3b2WcZ3QM6WPW1_9p2C1Qm3tpW3grKhf1Vc9cGW3DMLrQ2KYzJ3W1ZdR_r1S3-YpW1mpyRl1V2rkJW1N7bSY1--3vfW1X1QJ31S3-H9W1mpyS81NsMY5W3z8Kdf1-Y33nW1GbjYp1YXP4dW1N55TN3JHw4XW1VqpSD23fVTLW3tLnVW1cmWfmW3b9ZZF1GdrNJW1cxF6Z3ZvmFcW2FKvJ23Y3msTW2PSwF12Ydh6NW2Txwk71Z4XsJW1SkJ4y1X2gtxW4mJ1dy4ffY_lW3_CVGp2KNPVxW4mnRRP2v-cx6W24_cxS41JBVFW254b-y47NyWNW32s-2x3NFwxmW3GJFLw3NQCb3W2FXHC11mp5YzW3zdyqG3H3bCkW2dLp8t2120KSW1mrcFX3ZVdVhW41QWVG1JG9CZW3K8Q_V1mpYz1W3_YlR73K8Qc6W1JxwY51mrcF9W24SDFw1S3ZlZW20Z1yP3yQ-Q8W1N6P6423gnc0W3JKBhB3M15jtW2120LP23fyBYW3yRQpw1X0-p_W22TGXZ1YZ13mW1QtjX-22WR35W3DKZSf2szFP3W2szFP32sD8TdW1N5xJk22X_gkW22V3HM1W-tKyW2123_n3X-qTwW41kBPG34qcNgW3BXd-G3BMYlnW3KcGQk2HT9SrW2Rs2992PNMk9W2RstP92PtxBBW2HT9Sr383-yBW2RT-652PtxBjW34yKyM2HTvV6W3z3pCS2PtxBKW38b_xb2RNYbNW1V8dcJ2sBX8-W1M_KB91mrcDQW211_Tk3_YgfyW3H3bCk2dLnLCW2MGnrm2TvkN7W2CXRNG2YGBPDW3QTLV43BPwJdW2zKnzr2-LZ8KW3jnylY1N7LjkW1mpyR23zdyqGW49KwsN49Szj434dJ2&si=6369707406655488&pi=4df73162-8967-4181-9f9a-a4d071b60e94>
Patrick Parker
CEO
[signature_756301795] +1 (614) 652 6825
[signature_1232658466] patrick.parker<mailto:patrick.parker at empowerID.com>@empowerID.com<mailto:patrick.parker at empowerID.com>
[signature_1909062425] www.empowerID.com <https://t.sidekickopen86.com/s3t/c/5/f18dQhb0S7lC8dV48SW2NKxGn2B9nMJW7t5XYg7fsVlgVfD3xb3M2sp8W1p7ZwM56dzdBf4wYgkl02?te=W3R5hFj4cm2zwW41PG051N3z6SW3M1YQr41TRgPW45TRgW3K2B2XW43Tw8Z4hMntNW43SfLS43T4N9W4hLywB3R5hFjW4cbjZB1mp7wVW1SbFK63ZTPLHW3K78b11JxwY5W1mp7yn1TXlG4W3v9D4C4fM9GVW1V6-PK2B0CncW3SZ8dc3SYMh5W45Np_T1-WQMmW3_m1SR4cjfj1W1SbD5m1Sby3hW1SbDmQ23glQgW3BLGqV3ZC_6xW384KXJ3b2tpNW4pkhPl2qGZ-1W2KHLqn1ZfLj3W21jJdb3ZW0SsW2vzB0q1Vc_G5W45qFDm45qdrfW2RlcJv4tvnKlW1Xx4wp3XZvmjW1mpz0-3JzGX2W3b2WcZ3QM6WPW1_9p2C1Qm3tpW3grKhf1Vc9cGW3DMLrQ2KYzJ3W1ZdR_r1S3-YpW1mpyRl1V2rkJW1N7bSY1--3vfW1X1QJ31S3-H9W1mpyS81NsMY5W3z8Kdf1-Y33nW1GbjYp1YXP4dW1N55TN3JHw4XW1VqpSD23fVTLW3tLnVW1cmWfmW3b9ZZF1GdrNJW1cxF6Z3ZvmFcW2FKvJ23Y3msTW2PSwF12Ydh6NW2Txwk71Z4XsJW1SkJ4y1X2gtxW4mJ1dy4ffY_lW3_CVGp2KNPVxW4mnRRP2v-cx6W24_cxS41JBVFW254b-y47NyWNW32s-2x3NFwxmW3GJFLw3NQCb3W2FXHC11mp5YzW3zdyqG3H3bCkW2dLp8t2120KSW1mrcFX3ZVdVhW41QWVG1JG9CZW3K8Q_V1mpYz1W3_YlR73K8Qc6W1JxwY51mrcF9W24SDFw1S3ZlZW20Z1yP3yQ-Q8W1N6P6423gnc0W3JKBhB3M15jtW2120LP23fyBYW3yRQpw1X0-p_W22TGXZ1YZ13mW1QtjX-22WR35W3DKZSf2szFP3W2szFP32sD8TdW1N5xJk22X_gkW22V3HM1W-tKyW2123_n3X-qTwW41kBPG34qcNgW3BXd-G3BMYlnW3KcGQk2HT9SrW2Rs2992PNMk9W2RstP92PtxBBW2HT9Sr383-yBW2RT-652PtxBjW34yKyM2HTvV6W3z3pCS2PtxBKW38b_xb2RNYbNW1V8dcJ2sBX8-W1M_KB91mrcDQW211_Tk3_YgfyW3H3bCk2dLnLCW2MGnrm2TvkN7W2CXRNG2YGBPDW3QTLV43BPwJdW2zKnzr2-LZ8KW3jnylY1N7LjkW1mpyR23zdyqGW49KwsN49Szj434dJ2&si=6369707406655488&pi=4df73162-8967-4181-9f9a-a4d071b60e94>
[signature_953072147] 4393 Tuller Road Dublin, OH 43017
[signature_729000866]<https://t.sidekickopen86.com/s3t/c/5/f18dQhb0S7lC8dV48SW2NKxGn2B9nMJW7t5XYg7fsVlgVfD3xb3M2sp8W1p7ZwM56dzdBf4wYgkl02?te=W3R5hFj4cm2zwW41PG051N3z6SW3M1YQr41TRgPW45TRgW3K2B2XW43Tw8Z4hMntNW43SfLS43T4N9W4hLywB3R5hFjW4cbjZB1mp7wVW1SbFK63ZTPLHW3K78b11JxwY5W1mp7yn1TXlG4W3v9D4C4fM9GVW1V6-PK2B0CncW3SZ8dc3SYMh5W45Np_T1-WQMmW3_m1SR4cjfj1W1SbD5m1Sby3hW1SbDmQ23glQgW3BLGqV3ZC_6xW384KXJ3b2tpNW4pkhPl2qGZ-1W2KHLqn1ZfLj3W21jJdb3ZW0SsW2vzB0q1Vc_G5W45qFDm45qdrfW2RlcJv4tvnKlW1Xx4wp3XZvmjW1mpz0-3JzGX2W3b2WcZ3QM6WPW1_9p2C3_LSNwW2Mwtfz1W_P88W2zYXHL2sDD5FW2CvwYd1XcQ9SW1XmLHK34w9P3W1_7kp341rXG4W3G-Db13NDzkxW1_rx_V1V8fKcW1-_k4x20XNCvW1-ZG0C22X-1-W1_qhz_1V8kzMW3z8mmZ3GM0W6W1QrFBG1X0cpcW1Gdtwb1S07zJW1V3MD53LHhtKW3DMjmS1mpyFtW1cL4mf2vNPpBW254F6J1_87_lW1Vfkmv34H0q7W4tjmWW4cw0BgW1QxfSd2-GPMpW2syswM3bqpF4W255tmN4cBy08W1Qw1252B2j5xW3F52lQ2PRcRWW3P7BBQ2t4bJ8W36fGfr2WLy3mW3SKG-V3jkJ5SW1Zq40-1SBSw9W2HYGxF1QqqRJW1S31cZ3_YgfgW3zhrq_1N6lBJW2szGRD21252dW3Kchm83Hbfk-W4cNDRX49QWLmW1W-yTJ45SByGW49M8183Fbt5GW2121wG1Q4_xKW1_j1Yr20YCXwW20Z5qj1-X-HsW3H391322XGbKW3F6Cw_2szMjMW3C7Hd124TxPsW1-ZjB61N7JDZW1N61np3LHJTCW1ZlfxL1RYQByW1M_KB91M_KB9W1-YRkv1V0lP4W22VWKR1Q2S1PW1N6N3k2sT8NpW41Wvys1mrcFHW3bbSV-2CPrBRW1VpB4N4rk2JQW3W0hhL2sCrVKW3VG8J72vHnkKW2sNx_m3W0hhWW1SvsLm4thcjMW2sNwHs3SLSgNW3Xw1hw3bBdxdW2sNyCP2sN47QW41q7qZ2vsFFVW1T_XJ61mrcDQW211_MQ2svBkcW45rYwY3zhrq_W4kqGh32547_9W2-m7NT2Tb5f4W3_wp4D1SbBx_W36m__D4kqcWQW2YMyc63K3lpgW4kvpKZ47FYR_W1V8dkc3_YgfxW3K9cl24kCH7G1W3&si=6369707406655488&pi=4df73162-8967-4181-9f9a-a4d071b60e94> [signature_2001009733] <https://t.sidekickopen86.com/s3t/c/5/f18dQhb0S7lC8dV48SW2NKxGn2B9nMJW7t5XYg7fsVlgVfD3xb3M2sp8W1p7ZwM56dzdBf4wYgkl02?te=W3R5hFj4cm2zwW41PG051N3z6SW3M1YQr41TRgPW45TRgW3K2B2XW43Tw8Z4hMntNW43SfLS43T4N9W4hLywB3R5hFjW4cbjZB1mp7wVW1SbFK63ZTPLHW3K78b11JxwY5W1mp7yn1TXlG4W3v9D4C4fM9GVW1V6-PK2B0CncW3SZ8dc3SYMh5W45Np_T1-WQMmW3_m1SR4cjfj1W1SbD5m1Sby3hW1SbDmQ23glQgW3BLGqV3ZC_6xW384KXJ3b2tpNW4pkhPl2qGZ-1W2KHLqn1ZfLj3W21jJdb3ZW0SsW2vzB0q1Vc_G5W45qFDm45qdrfW2RlcJv4tvnKlW1Xx4wp3XZvmjW1mpz0-3JzGX2W3b2WcZ3QM6WRW3F9y0g4mtjQdW2-c_kv1Xn-SJW3_XtLS2zVcZBW328m4w3M4TGnW1XrVM038zwLXW1TXlFP4cKB_NW2vBKmn24W61NW1W-tKT1Y_5qMW22P48K45PZvcW2vY0_G3F4Dr6W22SqjD3BMr1YW1XlTVQ25dSp0W1GdtB_25fg7RW1-YRlr1ZjG6JW1V7nX32WJ0gsW2TJ-Ck2YNhHbW2TM_sh2YD1D2W4pB1cd2PlsJ_W2RyXfr3_F3prW3_VlnQ1Gm2KZW3BM19B30LNHhW3d0GM_3VNnY2W4phzM33C8bcYW45n66w4kNll7W49Dwkc2zvk2VW43TbzS2zWqvKW3z3PGG3ZW22TW4rxjYg4fMZ6YW47MH261WWnNrW45rXbN4fDSQFW1YTs551N4HJ9W2sZ8hm4px67FW49KppX45Sy-zW49M2vC1NvrKjW43Ylgq3SZ3pkW43T3VD2sFqQrW1Zlf4b3z8hH3W1-ZjpD21gXrsW1Q2SpF3z7ZdxW21jfD93LycN9W1NtYB83JKFZVW1Vp_bz1XmK5lW23gKQ61XlTyWW20WZm73DN7GdW1mrcF01mrcF0W1mrcF61V3fvcW1Q5MKd1V0lTJW1N5Zr21-R_ChW36zprj43Ym1GW2123Wc2z_11pW3jtbwD3GM5RSW2KHM_x43RtvZW1Xx3mR2p98_gW2p3lfJ2KFg7MW43Rvhj3Z_RJ-W2HSKh92Kx1_rW2HstRB1QvcB1W4mCSrJ2KJbC3W2Hsv9C1M_KddW1mrcF31N4h9mW211_MQ2sv57JW1pLjNY29jg5cW4fDSQ_3K4Bz1W3LXgv91SbyrcW3ZMt7t2vHMJBW2-kpct2TyjCfW2r41p430Lf2yW2xLXDZ4pHPdSW1mpyR23zdyqGW49KwsN49Szj434dJ2&si=6369707406655488&pi=4df73162-8967-4181-9f9a-a4d071b60e94> [signature_1070999265] <https://urldefense.com/v3/__https:/www.facebook.com/220903377569__;!!OiWDNh-9Pw!6Nol3PcHTxhkzL2LsMQP1mINQmi5C-I2Wb149RzwsX1t1jPmFxCJcbfwLp2Dgvz9CrYnUF09OomqiFeSZaXg5lgd2yeg8fYFgQM$> [signature_679156352] <https://t.sidekickopen86.com/s3t/c/5/f18dQhb0S7lC8dV48SW2NKxGn2B9nMJW7t5XYg7fsVlgVfD3xb3M2sp8W1p7ZwM56dzdBf4wYgkl02?te=W3R5hFj4cm2zwW41PG051N3z6SW3M1YQr41TRgPW45TRgW3K2B2XW43Tw8Z4hMntNW43SfLS43T4N9W4hLywB3R5hFjW4cbjZB1mp7wVW1SbFK63ZTPLHW3K78b11JxwY5W1mp7yn1TXlG4W3v9D4C4fM9GVW1V6-PK2B0CncW3SZ8dc3SYMh5W45Np_T1-WQMmW3_m1SR4cjfj1W1SbD5m1Sby3hW1SbDmQ23glQgW3BLGqV3ZC_6xW384KXJ3b2tpNW4pkhPl2qGZ-1W2KHLqn1ZfLj3W21jJdb3ZW0SsW2vzB0q1Vc_G5W45qFDm45qdrfW2RlcJv4tvnKlW1Xx4wp3XZvmjW1mpz0-3JzGX2W3b2WcZ3QM6WRW3F9y0g4mtjQmW2MzM731Vkt38W3b97P32MmTt-W4kb_bM4mv7RZW1QgCc149LGl5W2PyGBQ4m9xTfW1VjGqn3GRCyrW1S3-Yp1mpyRlW1V2rkJ1N7bSYW1--3vf1X1QJ3W1S3-H91mpyS8W1NsMY53z8KdfW1-Y33n1GbjYpW1YXP4d1N55TNW3JHw4X1VqpSDW23fVTL3tLnVWW1cmWfm3b9ZZFW1GdrNJ1cxF6ZW3ZvmFc2FKvJ2W3Y3msT2PSwF1W2Ydh6N2Txwk7W1Z4XsJ1SkJ4yW1X2gtx4mJ1dyW4ffY_l3_CVGpW2KNPVx4mnRRPW2v-cx624_cxSW41JBVF254b-yW47NyWN32s-2xW3NFwxm3GJFLwW3NVpJv24_-sBW1mp5Yz3zdyqGW3H3bCk2dLp8tW2120KS1mrcFXW3ZVdVh41QWVGW1JG9CZ3K8Q_VW1mpYz13_YlR7W3K8Qc61JxwY5W1mrcF924SDFwW1S3ZlZ20Z1yPW3yQ-Q81N6P64W23gnc03JKBhBW3M15jt2120LPW23fyBY3yRQpwW1X0-p_22TGXZW1YZ13m1QtjX-W22WR353DKZSfW2szFP32szFP3W2sD8Td1N5xJkW22X_gk22VvHMW1-YQ-k2123_nW3X-qTw41kBPGW34qcNg3BXd-GW3BMYln3KcGQkW2HT9Sr2Rs299W2PNMk92RstP9W2PtxBB2HT9SrW383-yB2RT-65W2PtxBj34yKyMW2HTvV63z3pCSW2PtxBK38b_xbW2RNYbN1V8dcJW2sBX8-1M_KB9W1mrcDQ211_TkW3_Ygfy3H3bCkW2fgzwy2v-bDvW1Sl7qX38D6XkW3QQqZB3f_xplW1QB-Jw1VxkT6W4tn8z632hqskW2xKbjr1mpyR2W3zdyqG49KwsNw49Szj44dJ2&si=6369707406655488&pi=4df73162-8967-4181-9f9a-a4d071b60e94>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240618/e3e90c3a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-signature_.png
Type: image/png
Size: 4176 bytes
Desc: Outlook-signature_.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240618/e3e90c3a/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-signature_.png
Type: image/png
Size: 345 bytes
Desc: Outlook-signature_.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240618/e3e90c3a/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-signature_.png
Type: image/png
Size: 248 bytes
Desc: Outlook-signature_.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240618/e3e90c3a/attachment-0011.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-signature_.png
Type: image/png
Size: 430 bytes
Desc: Outlook-signature_.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240618/e3e90c3a/attachment-0012.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-signature_.png
Type: image/png
Size: 359 bytes
Desc: Outlook-signature_.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240618/e3e90c3a/attachment-0013.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-signature_.png
Type: image/png
Size: 606 bytes
Desc: Outlook-signature_.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240618/e3e90c3a/attachment-0014.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-signature_.png
Type: image/png
Size: 688 bytes
Desc: Outlook-signature_.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240618/e3e90c3a/attachment-0015.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-signature_.png
Type: image/png
Size: 647 bytes
Desc: Outlook-signature_.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240618/e3e90c3a/attachment-0016.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-signature_.png
Type: image/png
Size: 697 bytes
Desc: Outlook-signature_.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240618/e3e90c3a/attachment-0017.png>
More information about the Openid-specs-authzen
mailing list