Policy Aware Web (PAW) Use Cases

This version:
Latest version:
Previous versions:
David Wood, MIND Lab, University of Maryland <dwood@NOSPAM.mindswap.org >


This document specifies usage scenarios for PAW.

Table of Contents

1 Use Cases for PAW
    1.1 Use Case "PS": Photo Sharing
    1.2 Use Case "PSD": Photo Sharing with Delegation
    1.3 Use Case "SIW": Shared Internal Web


A Acknowledgements

1 Use Cases for PAW

The use cases below were created by the PAW team to assist in scoping the project and measuring success.

1.1 Use Case "PS": Photo Sharing

Bob runs the web site for a Girl Scout troop. He has a number of photo sets, and needs to control who can see which pictures. Photos take at meetings of the troop can be shared with any current member of the troop. Photos taken at a jamboree can be shared with anyone in the troop or with anyone who attended the jamboree. Photos of the girls winning awards can be shared with anyone currently in the troop, or who was ever a member. These award photos can also be shared with the public if, and only if, the girl's parents allow it.

1.2 Use Case "PSD": Photo Sharing with Delegation

This use case is an extension to Use Case "PS", where a girl's parents can allow their family members and friends to view photos taken at meetings, jamborees, and award ceremonies if their daughter is in the picture or if they get permission from the parents of the girls in the picture and the adults in the pictures.

A detailed scenario for this use case is as follows:

Troop42 is a girl scout troop. It has a website (http://troop42.org) that hosts pictures taken at girl scout meetings/jamborees. Its access control policy states that pictures can be accessed by current girl scout members and their families.

Girl scout members are identified by statements signed by public key SK-GSA (Girl Scouts of America). Jane is not in Troop42 but is a girl scout and her mom is Betty. GSA signs a statement saying that Jane is a member of GSA; (#jane member #gsa) signed by SK-GSA.

Jane's foaf file points to Betty's HTML page (which is available via a URL controlled by OpenID) and Betty authenticates via OpenID.

Betty has a PAW proxy (or PAW support in her browser) and she makes an HTTP GET request for a picture on http://troop42.org. The server comes back with a 401 error and the policy that she must satisfy. Betty must come up with a proof that shows that she meets the policy.

There are four cases where the GSA public key may be: The key may be publicly available, behind a username/passwd that Betty knows, a PAW controlled resource, or the key may be passed out of band.

Betty's proxy (or browser) constructs a proof which shows:

  • Jane is a girl scout (proven by the signed GSA statement);
  • The GSA public key;
  • Betty is Jane's mother (proven by Jane's FOAF file saying that the person who controls Betty's HTML page is her mother); and
  • Betty's OpenID authentication against her HTML page.

Betty's proxy (or browser) sends this proof to the server. The server checks this proof and if the proof is valid, Betty is given access to the picture she requested.

1.3 Use Case "SIW": Shared Internal Web

Bob is a systems administrator for Company A. Bob has been tasked with making certain company internal Web content accessible to traveling employees of Company A, such as sales people. Company A would also like to share some of the content with employees of Company B's marketing department to facilitate a mutual marketing program. Bob would like to define separate policies for traveling sales staff and Company B's marketing department. Company A's IT infrastructure is responsible for (somehow) authenticating their own traveling sales staff. Company B, on the other hand, would like to authenticate their own staff in accordance with the two companies' partnership agreement. Bob would very much like to be out of the loop when Company B's marketing department makes staff changes.

A Acknowledgements

The editors thank the members of the PAW team, which produced the material in this document.

The use cases in this paper were contributed by the following individuals:

Use Case "PS" Jim Hendler
Use Case "PSD" Lalana Kagal. Group discussion at January 2006 face-to-face meeting extended the scenario. Major contributors were Jim Hendler, Danny Weitzner, Dan Connolly, Lalana Kagal, Vlad Kolovski, David Wood (in no particular order).
Use Case "SIW" David Wood