Policy Aware Web (PAW) Use Cases

This version:
http://www.policyawareweb.org/2005/paw-use-cases-20050726/
Latest version:
http://www.policyawareweb.org/paw-use-cases/
Previous versions: Original use cases
Editor:
David Wood, MIND Lab, University of Maryland <dwood@NOSPAM.mindswap.org >

Abstract

This document specifies usage scenarios for PAW.

Table of Contents

1 Use Cases for PAW
    1.1 Use Case "PS": Photo Sharing
    1.2 Use Case "PSO": Photo Sharing with Others
    1.3 Use Case "PSD": Photo Sharing with Delegation

Appendices

Acknowledgements


1 Use Cases for PAW

The use cases below were created by the PAW team to assist in scoping the project and measuring success.

1.1 Use Case "PS": Photo Sharing

Use Case 1 may be stated as "A photo taken at a meeting of the troop may be shared with any current member of the troop who attended the meeting."

This use case presumes that a Web server can somehow determine the following information:

  1. Whether the photo being accessed was taken at the meeting;
  2. Whether the user trying to access a photo is a current member of the troop;
  3. Whether the user attended the meeting.

We make a presumption that the first criterion will be handled by an association at the Web server between a resource (the photo) and its policy. It may be further assumed that the troop itself, proxied by its Web server, would know who is on its current membership roster and who attended its meetings. Mechanisms for the recording and storage of this information was not directly addressed.

1.2 Use Case "PSO": Photo Sharing with Others

Use Case 2 is, "Photos taken at a jamboree can be shared with anyone in the troop or with anyone who attended the jamboree."

This case makes similar presumptions to Use Case 1, except that a jamboree is a national event and therefore outside of the control of the troop. The troop's Web server is not capable of recording or storing the attendance of a jamboree. Attendance records for a jamboree are the purview of the national Girl Scout organization and therefore their Web server must be questioned. A presumption is made (within the confines of existing access control means) that attendance questions may be asked by a troop in good standing via standard Web mechanisms.

1.3 Use Case "PSD": Photo Sharing with Delegation

Use Case 3 states, "Photos of the girls winning awards can be shared with anyone currently in the troop, or who was ever a member. These award photos can also be shared with the public if, and only if, the girl's parents allow it."

The first part of this case devolves to Use Case 1 in that the troop's Web server is presumed to control their own records of membership. How, though, is the troop's Web server supposed to determine whether the parents of a girl have provided their authorization to share with the general public? In keeping with the Web, the answer is distributed. A parent can simply provide notice on the Web that a given photo (named by URI) may be shared with the public. We used a FOAF file for this purpose.

A detailed scenario for this use case is as follows:

Troop42 is a girl scout troop. It has a website (http://troop42.org) that hosts pictures taken at girl scout meetings/jamborees. Its access control policy states that pictures can be accessed by current girl scout members and their families.

Girl scout members are identified by statements signed by public key SK-GSA (Girl Scouts of America). Jane is not in Troop42 but is a girl scout and her mom is Betty. GSA signs a statement saying that Jane is a member of GSA; (#jane member #gsa) signed by SK-GSA.

Jane's foaf file points to Betty's HTML page (which is available via a URL controlled by OpenID) and Betty authenticates via OpenID.

Betty has a PAW proxy (or PAW support in her browser) and she makes an HTTP GET request for a picture on http://troop42.org. The server comes back with a 401 error and the policy that she must satisfy. Betty must come up with a proof that shows that she meets the policy.

There are four cases where the GSA public key may be: The key may be publicly available, behind a username/passwd that Betty knows, a PAW controlled resource, or the key may be passed out of band.

Betty's proxy (or browser) constructs a proof which shows:

Betty's proxy (or browser) sends this proof to the server. The server checks this proof and if the proof is valid, Betty is given access to the picture she requested.

Acknowledgments

The editors thank the members of the PAW team, which produced the material in this document.

The use cases in this paper were contributed by the following individuals:

Use Case "PS" Jim Hendler
Use Cases ""PSO" and "PSD" Lalana Kagal, David Wood and others. Group discussion at January 2006 face-to-face meeting extended the scenario. Major contributors were Jim Hendler, Danny Weitzner, Dan Connolly, Lalana Kagal, Vlad Kolovski, David Wood (in no particular order).