.. _UC15:

Use Case 15 - Account Management
--------------------------------

.. index:: Use Case 15, UC15, Manage Accounts, user, account, identity

Revisions
  View document revision history_.

Goal
  Edit a user account.  This includes creating, deleting, editing

  User Account Management - Create new user account on Identity Provider (also
  edit, delete, ...).

Summary 
  Perform basic account management operations. This process can be quite
  complex depending on the identity provider in use and the security policies
  that need to be addressed.

  The use case and interaction presented here assumes a simplistic operation
  that relies only upon email verification for the new account creation. A
  more sophisticated interaction might include administrative approval of the
  new account, selection of an identity provider to use, and assignment of
  roles based on the level of approval and the nature of the selected identity
  provider (i.e. trustworthiness of identity provider).


Actors
  - New User

  - Administrator

  - Identity provider

  - Coordinating Node


Preconditions 
  - System is operational and policy is in place to accept new users.

Triggers
  - A new user account is requested.

Post Conditions
  - New account is created (if accepted)

  - Access control rules for new account are specified

  - Account information is replicated across CNs

.. 
   @startuml images/15_seq.png
   actor User
   participant "Client" as app_client << Application >>
   User -> app_client
   participant "Authentication API" as c_authenticate << Coordinating Node >>
   app_client -> c_authenticate: newAccount (user, pw)
   app_client <-- c_authenticate: token or failure
   User <-- c_authenticate: email confirmation
   @enduml

.. image:: images/15_seq.png

*Figure 1.* Interactions for use case 15.


**Notes**

- By default, accounts have no real privileges. To get higher privileges,
  users may have to jump through more hoops (such as verifying their
  association with a project/institution)

- Presumably, if we are using external identity providers this user account
  management functionality isn't provided by the CN. Right? (PEA)

.. _history: https://redmine.dataone.org/projects/d1/repository/changes/documents/Projects/cicore/architecture/api-documentation/source/design/UseCases/15_uc.txt