�cdocutils.nodes
document
q�)Åq�}q�(U nametypesq�}q�(X ���use case 15 - account managementq�NX����uc15q�àX����historyq�àuU�substitution_defsq }q
U�parse_messagesq�]q�U�current_sourceq
NU
decorationq�NU�autofootnote_startq�K�U�nameidsq�}q�(h�U�use-case-15-account-managementq�h�U�uc15q�h�U�historyq�uU�childrenq�]q�(cdocutils.nodes
target
q�)Åq�}q�(U rawsourceq�X ���.. _UC15:U�parentq�h�U�sourceq�Xj���/var/lib/jenkins/jobs/API_Documentation_trunk/workspace/api-documentation/source/design/UseCases/15_uc.txtq�U�tagnameq�U�targetq�U
attributesq }q!(U�idsq"]U�backrefsq#]U�dupnamesq$]U�classesq%]U�namesq&]U�refidq'h�uU�lineq(K�U�documentq)h�h�]ubcdocutils.nodes
section
q*)Åq+}q,(h�U�h�h�h�h�U�expect_referenced_by_nameq-}q.h�h�sh�U�sectionq/h }q0(h$]h%]h#]h"]q1(h�h�eh&]q2(h�h�euh(K�h)h�U�expect_referenced_by_idq3}q4h�h�sh�]q5(cdocutils.nodes
title
q6)Åq7}q8(h�X ���Use Case 15 - Account Managementq9h�h+h�h�h�U�titleq:h }q;(h$]h%]h#]h"]h&]uh(K�h)h�h�]q<cdocutils.nodes
Text
q=X ���Use Case 15 - Account Managementq>ÖÅq?}q@(h�h9h�h7ubaubcsphinx.addnodes
index
qA)ÅqB}qC(h�U�h�h+h�h�h�U�indexqDh }qE(h"]h#]h$]h%]h&]U�entriesqF]qG((U�singleqHX����Use Case 15U�index-0qIU�NtqJ(hHX����UC15hIU�NtqK(hHX����Manage AccountshIU�NtqL(hHX����userhIU�NtqM(hHX����accounthIU�NtqN(hHX����identityhIU�NtqOeU�inlineqPâuh(K�h)h�h�]ubh�)ÅqQ}qR(h�U�h�h+h�h�h�h�h }qS(h"]h#]h$]h%]h&]h'hIuh(K�h)h�h�]ubcdocutils.nodes
definition_list
qT)ÅqU}qV(h�U�h�h+h�h�h-}h�U�definition_listqWh }qX(h$]h%]h#]h"]qYhIah&]uh(Nh)h�h3}qZhIhQsh�]q[(cdocutils.nodes
definition_list_item
q\)Åq]}q^(h�X+���Revisions
View document revision history_.
h�hUh�h�h�U�definition_list_itemq_h }q`(h$]h%]h#]h"]h&]uh(K h�]qa(cdocutils.nodes
term
qb)Åqc}qd(h�X ���Revisionsqeh�h]h�h�h�U�termqfh }qg(h$]h%]h#]h"]h&]uh(K h�]qhh=X ���RevisionsqiÖÅqj}qk(h�heh�hcubaubcdocutils.nodes
definition
ql)Åqm}qn(h�U�h }qo(h$]h%]h#]h"]h&]uh�h]h�]qpcdocutils.nodes
paragraph
qq)Åqr}qs(h�X ���View document revision history_.h�hmh�h�h�U paragraphqth }qu(h$]h%]h#]h"]h&]uh(K h�]qv(h=X����View document revision qwÖÅqx}qy(h�X����View document revision h�hrubcdocutils.nodes
reference
qz)Åq{}q|(h�X����history_U�resolvedq}K�h�hrh�U referenceq~h }q(U�nameX����historyqÄU�refuriqÅXî���https://redmine.dataone.org/projects/d1/repository/changes/documents/Projects/cicore/architecture/api-documentation/source/design/UseCases/15_uc.txtqÇh"]h#]h$]h%]h&]uh�]qÉh=X����historyqÑÖÅqÖ}qÜ(h�U�h�h{ubaubh=X����.ÖÅqá}qà(h�X����.h�hrubeubah�U
definitionqâubeubh\)Åqä}qã(h�Xß���Goal
Edit a user account. This includes creating, deleting, editing
User Account Management - Create new user account on Identity Provider (also
edit, delete, ...).
h�hUh�h�h�h_h }qå(h$]h%]h#]h"]h&]uh(K�h)h�h�]qç(hb)Åqé}qè(h�X����Goalqêh�häh�h�h�hfh }që(h$]h%]h#]h"]h&]uh(K�h�]qíh=X����GoalqìÖÅqî}qï(h�hêh�héubaubhl)Åqñ}qó(h�U�h }qò(h$]h%]h#]h"]h&]uh�häh�]qô(hq)Åqö}qõ(h�X?���Edit a user account. This includes creating, deleting, editingqúh�hñh�h�h�hth }qù(h$]h%]h#]h"]h&]uh(K�h�]qûh=X?���Edit a user account. This includes creating, deleting, editingqüÖÅq†}q°(h�húh�höubaubhq)Åq¢}q£(h�X`���User Account Management - Create new user account on Identity Provider (also
edit, delete, ...).q§h�hñh�h�h�hth }q•(h$]h%]h#]h"]h&]uh(K�h�]q¶h=X`���User Account Management - Create new user account on Identity Provider (also
edit, delete, ...).qßÖÅq®}q©(h�h§h�h¢ubaubeh�hâubeubh\)Åq™}q´(h�Xd���Summary
Perform basic account management operations. This process can be quite
complex depending on the identity provider in use and the security policies
that need to be addressed.
The use case and interaction presented here assumes a simplistic operation
that relies only upon email verification for the new account creation. A
more sophisticated interaction might include administrative approval of the
new account, selection of an identity provider to use, and assignment of
roles based on the level of approval and the nature of the selected identity
provider (i.e. trustworthiness of identity provider).
h�hUh�h�h�h_h }q¨(h$]h%]h#]h"]h&]uh(K�h)h�h�]q≠(hb)ÅqÆ}qØ(h�X����Summaryq∞h�h™h�h�h�hfh }q±(h$]h%]h#]h"]h&]uh(K�h�]q≤h=X����Summaryq≥ÖÅq¥}qµ(h�h∞h�hÆubaubhl)Åq∂}q∑(h�U�h }q∏(h$]h%]h#]h"]h&]uh�h™h�]qπ(hq)Åq∫}qª(h�X≠���Perform basic account management operations. This process can be quite
complex depending on the identity provider in use and the security policies
that need to be addressed.qºh�h∂h�h�h�hth }qΩ(h$]h%]h#]h"]h&]uh(K�h�]qæh=X≠���Perform basic account management operations. This process can be quite
complex depending on the identity provider in use and the security policies
that need to be addressed.qøÖÅq¿}q¡(h�hºh�h∫ubaubhq)Åq¬}q√(h�X´���The use case and interaction presented here assumes a simplistic operation
that relies only upon email verification for the new account creation. A
more sophisticated interaction might include administrative approval of the
new account, selection of an identity provider to use, and assignment of
roles based on the level of approval and the nature of the selected identity
provider (i.e. trustworthiness of identity provider).qƒh�h∂h�h�h�hth }q≈(h$]h%]h#]h"]h&]uh(K�h�]q∆h=X´���The use case and interaction presented here assumes a simplistic operation
that relies only upon email verification for the new account creation. A
more sophisticated interaction might include administrative approval of the
new account, selection of an identity provider to use, and assignment of
roles based on the level of approval and the nature of the selected identity
provider (i.e. trustworthiness of identity provider).q«ÖÅq»}q…(h�hƒh�h¬ubaubeh�hâubeubh\)Åq }qÀ(h�XN���Actors
- New User
- Administrator
- Identity provider
- Coordinating Node
h�hUh�h�h�h_h }qÃ(h$]h%]h#]h"]h&]uh(K&h)h�h�]qÕ(hb)ÅqŒ}qœ(h�X����Actorsq–h�h h�h�h�hfh }q—(h$]h%]h#]h"]h&]uh(K&h�]q“h=X����Actorsq”ÖÅq‘}q’(h�h–h�hŒubaubhl)Åq÷}q◊(h�U�h }qÿ(h$]h%]h#]h"]h&]uh�h h�]qŸcdocutils.nodes
bullet_list
q⁄)Åq€}q‹(h�U�h }q›(U�bulletqfiX����-h"]h#]h$]h%]h&]uh�h÷h�]qfl(cdocutils.nodes
list_item
q‡)Åq·}q‚(h�X ���New User
h }q„(h$]h%]h#]h"]h&]uh�h€h�]q‰hq)ÅqÂ}qÊ(h�X����New UserqÁh�h·h�h�h�hth }qË(h$]h%]h#]h"]h&]uh(K�h�]qÈh=X����New UserqÍÖÅqÎ}qÏ(h�hÁh�hÂubaubah�U list_itemqÌubh‡)ÅqÓ}qÔ(h�X����Administrator
h }q(h$]h%]h#]h"]h&]uh�h€h�]qÒhq)ÅqÚ}qÛ(h�X
���AdministratorqÙh�hÓh�h�h�hth }qı(h$]h%]h#]h"]h&]uh(K!h�]qˆh=X
���Administratorq˜ÖÅq¯}q˘(h�hÙh�hÚubaubah�hÌubh‡)Åq˙}q˚(h�X����Identity provider
h }q¸(h$]h%]h#]h"]h&]uh�h€h�]q˝hq)Åq˛}qˇ(h�X����Identity providerr����h�h˙h�h�h�hth }r����(h$]h%]h#]h"]h&]uh(K#h�]r����h=X����Identity providerr����ÖÅr����}r����(h�j����h�h˛ubaubah�hÌubh‡)År����}r����(h�X����Coordinating Node
h }r����(h$]h%]h#]h"]h&]uh�h€h�]r ���hq)År
���}r����(h�X����Coordinating Noder����h�j����h�h�h�hth }r
���(h$]h%]h#]h"]h&]uh(K%h�]r����h=X����Coordinating Noder����ÖÅr����}r����(h�j����h�j
���ubaubah�hÌubeh�U�bullet_listr����ubah�hâubeubh\)År����}r����(h�XR���Preconditions
- System is operational and policy is in place to accept new users.
h�hUh�h�h�h_h }r����(h$]h%]h#]h"]h&]uh(K)h)h�h�]r����(hb)År����}r����(h�X
���Preconditionsr����h�j����h�h�h�hfh }r����(h$]h%]h#]h"]h&]uh(K)h�]r����h=X
���Preconditionsr����ÖÅr����}r����(h�j����h�j����ubaubhl)År����}r ���(h�U�h }r!���(h$]h%]h#]h"]h&]uh�j����h�]r"���h⁄)År#���}r$���(h�U�h }r%���(hfiX����-h"]h#]h$]h%]h&]uh�j����h�]r&���h‡)År'���}r(���(h�XB���System is operational and policy is in place to accept new users.
h }r)���(h$]h%]h#]h"]h&]uh�j#���h�]r*���hq)År+���}r,���(h�XA���System is operational and policy is in place to accept new users.r-���h�j'���h�h�h�hth }r.���(h$]h%]h#]h"]h&]uh(K)h�]r/���h=XA���System is operational and policy is in place to accept new users.r0���ÖÅr1���}r2���(h�j-���h�j+���ubaubah�hÌubah�j����ubah�hâubeubh\)År3���}r4���(h�X,���Triggers
- A new user account is requested.
h�hUh�h�h�h_h }r5���(h$]h%]h#]h"]h&]uh(K,h)h�h�]r6���(hb)År7���}r8���(h�X����Triggersr9���h�j3���h�h�h�hfh }r:���(h$]h%]h#]h"]h&]uh(K,h�]r;���h=X����Triggersr<���ÖÅr=���}r>���(h�j9���h�j7���ubaubhl)År?���}r@���(h�U�h }rA���(h$]h%]h#]h"]h&]uh�j3���h�]rB���h⁄)ÅrC���}rD���(h�U�h }rE���(hfiX����-h"]h#]h$]h%]h&]uh�j?���h�]rF���h‡)ÅrG���}rH���(h�X!���A new user account is requested.
h }rI���(h$]h%]h#]h"]h&]uh�jC���h�]rJ���hq)ÅrK���}rL���(h�X ���A new user account is requested.rM���h�jG���h�h�h�hth }rN���(h$]h%]h#]h"]h&]uh(K,h�]rO���h=X ���A new user account is requested.rP���ÖÅrQ���}rR���(h�jM���h�jK���ubaubah�hÌubah�j����ubah�hâubeubh\)ÅrS���}rT���(h�Xù���Post Conditions
- New account is created (if accepted)
- Access control rules for new account are specified
- Account information is replicated across CNs
h�hUh�h�h�h_h }rU���(h$]h%]h#]h"]h&]uh(K3h)h�h�]rV���(hb)ÅrW���}rX���(h�X����Post ConditionsrY���h�jS���h�h�h�hfh }rZ���(h$]h%]h#]h"]h&]uh(K3h�]r[���h=X����Post Conditionsr\���ÖÅr]���}r^���(h�jY���h�jW���ubaubhl)År_���}r`���(h�U�h }ra���(h$]h%]h#]h"]h&]uh�jS���h�]rb���h⁄)Årc���}rd���(h�U�h }re���(hfiX����-h"]h#]h$]h%]h&]uh�j_���h�]rf���(h‡)Årg���}rh���(h�X%���New account is created (if accepted)
h }ri���(h$]h%]h#]h"]h&]uh�jc���h�]rj���hq)Årk���}rl���(h�X$���New account is created (if accepted)rm���h�jg���h�h�h�hth }rn���(h$]h%]h#]h"]h&]uh(K/h�]ro���h=X$���New account is created (if accepted)rp���ÖÅrq���}rr���(h�jm���h�jk���ubaubah�hÌubh‡)Års���}rt���(h�X3���Access control rules for new account are specified
h }ru���(h$]h%]h#]h"]h&]uh�jc���h�]rv���hq)Årw���}rx���(h�X2���Access control rules for new account are specifiedry���h�js���h�h�h�hth }rz���(h$]h%]h#]h"]h&]uh(K1h�]r{���h=X2���Access control rules for new account are specifiedr|���ÖÅr}���}r~���(h�jy���h�jw���ubaubah�hÌubh‡)År���}rÄ���(h�X-���Account information is replicated across CNs
h }rÅ���(h$]h%]h#]h"]h&]uh�jc���h�]rÇ���hq)ÅrÉ���}rÑ���(h�X,���Account information is replicated across CNsrÖ���h�j���h�h�h�hth }rÜ���(h$]h%]h#]h"]h&]uh(K3h�]rá���h=X,���Account information is replicated across CNsrà���ÖÅrâ���}rä���(h�jÖ���h�jÉ���ubaubah�hÌubeh�j����ubah�hâubeubeubcdocutils.nodes
comment
rã���)Årå���}rç���(h�XQ���@startuml images/15_seq.png
actor User
participant "Client" as app_client << Application >>
User -> app_client
participant "Authentication API" as c_authenticate << Coordinating Node >>
app_client -> c_authenticate: newAccount (user, pw)
app_client <-- c_authenticate: token or failure
User <-- c_authenticate: email confirmation
@endumlh�h+h�h�h�U�commentr��h }r��(U xml:spacer��U�preserver��h"]h#]h$]h%]h&]uh(K?h)h�h�]r��h=XQ���@startuml images/15_seq.png
actor User
participant "Client" as app_client << Application >>
User -> app_client
participant "Authentication API" as c_authenticate << Coordinating Node >>
app_client -> c_authenticate: newAccount (user, pw)
app_client <-- c_authenticate: token or failure
User <-- c_authenticate: email confirmation
@endumlrì���ÖÅrî���}rï���(h�U�h�jå���ubaubcdocutils.nodes
image
rñ���)Åró���}rò���(h�X����.. image:: images/15_seq.png
h�h+h�h�h�U�imagerô���h }rö���(U�uriX!���design/UseCases/images/15_seq.pngrõ���h"]h#]h$]h%]U
candidatesrú���}rù���U�*jõ���sh&]uh(KAh)h�h�]ubhq)Årû���}rü���(h�X)���*Figure 1.* Interactions for use case 15.r†���h�h+h�h�h�hth }r°���(h$]h%]h#]h"]h&]uh(KBh)h�h�]r¢���(cdocutils.nodes
emphasis
r£���)År§���}r•���(h�X����*Figure 1.*h }r¶���(h$]h%]h#]h"]h&]uh�jû���h�]rß���h=X ���Figure 1.r®���ÖÅr©���}r™���(h�U�h�j§���ubah�U�emphasisr´���ubh=X���� Interactions for use case 15.r¨���ÖÅr≠���}rÆ���(h�X���� Interactions for use case 15.h�jû���ubeubhq)ÅrØ���}r∞���(h�X ���**Notes**r±���h�h+h�h�h�hth }r≤���(h$]h%]h#]h"]h&]uh(KEh)h�h�]r≥���cdocutils.nodes
strong
r¥���)Årµ���}r∂���(h�j±���h }r∑���(h$]h%]h#]h"]h&]uh�jØ���h�]r∏���h=X����Notesrπ���ÖÅr∫���}rª���(h�U�h�jµ���ubah�U�strongrº���ubaubh⁄)ÅrΩ���}ræ���(h�U�h�h+h�h�h�j����h }rø���(hfiX����-h"]h#]h$]h%]h&]uh(KGh)h�h�]r¿���(h‡)År¡���}r¬���(h�X≥���By default, accounts have no real privileges. To get higher privileges,
users may have to jump through more hoops (such as verifying their
association with a project/institution)
h�jΩ���h�h�h�hÌh }r√���(h$]h%]h#]h"]h&]uh(Nh)h�h�]rƒ���hq)År≈���}r∆���(h�X≤���By default, accounts have no real privileges. To get higher privileges,
users may have to jump through more hoops (such as verifying their
association with a project/institution)r«���h�j¡���h�h�h�hth }r»���(h$]h%]h#]h"]h&]uh(KGh�]r…���h=X≤���By default, accounts have no real privileges. To get higher privileges,
users may have to jump through more hoops (such as verifying their
association with a project/institution)r ���ÖÅrÀ���}rÃ���(h�j«���h�j≈���ubaubaubh‡)ÅrÕ���}rŒ���(h�Xä���Presumably, if we are using external identity providers this user account
management functionality isn't provided by the CN. Right? (PEA)
h�jΩ���h�h�h�hÌh }rœ���(h$]h%]h#]h"]h&]uh(Nh)h�h�]r–���hq)År—���}r“���(h�Xâ���Presumably, if we are using external identity providers this user account
management functionality isn't provided by the CN. Right? (PEA)r”���h�jÕ���h�h�h�hth }r‘���(h$]h%]h#]h"]h&]uh(KKh�]r’���h=Xâ���Presumably, if we are using external identity providers this user account
management functionality isn't provided by the CN. Right? (PEA)r÷���ÖÅr◊���}rÿ���(h�j”���h�j—���ubaubaubeubh�)ÅrŸ���}r⁄���(h�X°���.. _history: https://redmine.dataone.org/projects/d1/repository/changes/documents/Projects/cicore/architecture/api-documentation/source/design/UseCases/15_uc.txtU
referencedr€���K�h�h+h�h�h�h�h }r‹���(hÅhÇh"]r›���h�ah#]h$]h%]h&]rfi���h�auh(KNh)h�h�]ubeubeh�U�U�transformerrfl���NU
footnote_refsr‡���}r·���U�refnamesr‚���}r„���hÄ]r‰���h{asU�symbol_footnotesrÂ���]rÊ���U�autofootnote_refsrÁ���]rË���U�symbol_footnote_refsrÈ���]rÍ���U citationsrÎ���]rÏ���h)h�U�current_linerÌ���NU�transform_messagesrÓ���]rÔ���(cdocutils.nodes
system_message
r���)ÅrÒ���}rÚ���(h�U�h }rÛ���(h$]U�levelK�h"]h#]U�sourceh�h%]h&]U�lineK�U�typeU�INFOrÙ���uh�]rı���hq)Årˆ���}r˜���(h�U�h }r¯���(h$]h%]h#]h"]h&]uh�jÒ���h�]r˘���h=X*���Hyperlink target "uc15" is not referenced.r˙���ÖÅr˚���}r¸���(h�U�h�jˆ���ubah�htubah�U�system_messager˝���ubj���)År˛���}rˇ���(h�U�h }r����(h$]U�levelK�h"]h#]U�sourceh�h%]h&]U�lineK�U�typejÙ���uh�]r����hq)År����}r����(h�U�h }r����(h$]h%]h#]h"]h&]uh�j˛���h�]r����h=X-���Hyperlink target "index-0" is not referenced.r����ÖÅr����}r����(h�U�h�j����ubah�htubah�j˝���ubeU�reporterr ���NU�id_startr
���K�U
autofootnotesr����]r����U
citation_refsr
���}r����U�indirect_targetsr����]r����U�settingsr����(cdocutils.frontend
Values
r����or����}r����(U�footnote_backlinksr����K�U�record_dependenciesr����NU�rfc_base_urlr����U�https://tools.ietf.org/html/r����U tracebackr����àU�pep_referencesr����NU�strip_commentsr����NU
toc_backlinksr����U�entryr����U
language_coder����U�enr����U datestampr ���NU�report_levelr!���K�U�_destinationr"���NU
halt_levelr#���K�U
strip_classesr$���Nh:NU�error_encoding_error_handlerr%���U�backslashreplacer&���U�debugr'���NU�embed_stylesheetr(���âU�output_encoding_error_handlerr)���U�strictr*���U
sectnum_xformr+���K�U�dump_transformsr,���NU
docinfo_xformr-���K�U�warning_streamr.���NU�pep_file_url_templater/���U�pep-%04dr0���U�exit_status_levelr1���K�U�configr2���NU�strict_visitorr3���NU�cloak_email_addressesr4���àU�trim_footnote_reference_spacer5���âU�envr6���NU�dump_pseudo_xmlr7���NU�expose_internalsr8���NU�sectsubtitle_xformr9���âU�source_linkr:���NU�rfc_referencesr;���NU�output_encodingr<���U�utf-8r=���U
source_urlr>���NU�input_encodingr?���U utf-8-sigr@���U�_disable_configrA���NU id_prefixrB���U�U tab_widthrC���K�U�error_encodingrD���U�UTF-8rE���U�_sourcerF���h�U�gettext_compactrG���àU generatorrH���NU�dump_internalsrI���NU�smart_quotesrJ���âU�pep_base_urlrK���U https://www.python.org/dev/peps/rL���U�syntax_highlightrM���U�longrN���U�input_encoding_error_handlerrO���j*���U�auto_id_prefixrP���U�idrQ���U�doctitle_xformrR���âU�strip_elements_with_classesrS���NU
_config_filesrT���]U�file_insertion_enabledrU���àU�raw_enabledrV���K�U
dump_settingsrW���NubU�symbol_footnote_startrX���K�U�idsrY���}rZ���(h�h+hIhUh�h+h�jŸ���uU�substitution_namesr[���}r\���h�h)h }r]���(h$]h"]h#]U�sourceh�h%]h&]uU footnotesr^���]r_���U�refidsr`���}ra���(hI]rb���hQah�]rc���h�auub.