.. _UC14:

Use Case 14 - System Authentication and Authorization
-----------------------------------------------------

.. index:: Use Case 14, UC14, system authentication, system authorization

Revisions
  View document revision history_.

Goal

  A system process authenticates and performs some system operation (e.g.
  replication). In this example, a Member Node authenticates to enable
  transfer of content from MN A to MN B.

Summary 
  System operations are required for many operations including the management
  of content across Member Nodes and replication between Coordinating Nodes.
  This use case describes the system level interactions required to perform a
  system level operation.

Actors
  - Coordinating Node

  - Member Node(s)

Preconditions 
  - Operational system


Triggers
  - A system level operation is invoked.


Post Conditions
  - The operation is completed

  - The authentication token is optionally disposed


.. 
   @startuml images/14_uc.png
   actor "Coordinating Node" as CN 
   actor "Member Node A" as MN_A 
   actor "Member Node B" as MN_B 
   usecase "13. User Authorization" as author
   usecase "14. System Operation" as SYSOP
   usecase "9. Replicate MN to MN" as repl
   CN -- SYSOP
   MN_A -- SYSOP
   MN_B -- SYSOP
   SYSOP ..> author: <<includes>>
   SYSOP ..> authen: <<includes>>
   SYSOP ..> repl: <<includes>
   @enduml

.. image:: images/14_uc.png

*Figure 1.* Use case 14, system authentication


.. 
   @startuml images/14_seq.png
   participant "Replication API" as m_rep_a << Member Node A >>
   participant "Replication API" as m_rep_b << Member Node B >>
   participant "Authentication API" as c_authenticate << Coordinating Node >>
   participant "Verify API" as c_ver << Coordinating Node >>
   m_rep_a -> c_authenticate: login(user, pw)
   note right
     The user in this case is the DataONE 
     identity given to MN A.
   end note
   m_rep_a <-- c_authenticate: token or failure
   m_rep_a -> m_rep_b: getContent(token, ...)
   m_rep_b -> c_ver: isAuthorized(token, ...)
   m_rep_b <-- c_ver: True or False
   m_rep_a <-- m_rep_b: content or Fail
   note right
     Member Node A is now in a modified 
     state and should signal this during
     next status request from a CN
   end note
   m_rep_a --> c_authenticate: logout(token)
   @enduml

.. image:: images/14_seq.png

*Figure 2.* Interactions for use case 14.

.. _history: https://redmine.dataone.org/projects/d1/repository/changes/documents/Projects/cicore/architecture/api-documentation/source/design/UseCases/14_uc.txt