€cdocutils.nodes
document
q)q}q(U	nametypesq}q(X    use case 15 - account managementqNX   uc15qˆX   historyqˆuUsubstitution_defsq	}q
Uparse_messagesq]qUcurrent_sourceqNU
decorationqNUautofootnote_startqKUnameidsq}q(hUuse-case-15-account-managementqhUuc15qhUhistoryquUchildrenq]q(cdocutils.nodes
target
q)q}q(U	rawsourceqX	   .. _UC15:UparentqhUsourceqXj   /var/lib/jenkins/jobs/API_Documentation_trunk/workspace/api-documentation/source/design/UseCases/15_uc.txtqUtagnameqUtargetqU
attributesq }q!(Uidsq"]Ubackrefsq#]Udupnamesq$]Uclassesq%]Unamesq&]Urefidq'huUlineq(KUdocumentq)hh]ubcdocutils.nodes
section
q*)q+}q,(hU hhhhUexpect_referenced_by_nameq-}q.hhshUsectionq/h }q0(h$]h%]h#]h"]q1(hheh&]q2(hheuh(Kh)hUexpect_referenced_by_idq3}q4hhsh]q5(cdocutils.nodes
title
q6)q7}q8(hX    Use Case 15 - Account Managementq9hh+hhhUtitleq:h }q;(h$]h%]h#]h"]h&]uh(Kh)hh]q<cdocutils.nodes
Text
q=X    Use Case 15 - Account Managementq>…q?}q@(hh9hh7ubaubcsphinx.addnodes
index
qA)qB}qC(hU hh+hhhUindexqDh }qE(h"]h#]h$]h%]h&]UentriesqF]qG((UsingleqHX   Use Case 15Uindex-0qIU NtqJ(hHX   UC15hIU NtqK(hHX   Manage AccountshIU NtqL(hHX   userhIU NtqM(hHX   accounthIU NtqN(hHX   identityhIU NtqOeUinlineqP‰uh(Kh)hh]ubh)qQ}qR(hU hh+hhhhh }qS(h"]h#]h$]h%]h&]h'hIuh(Kh)hh]ubcdocutils.nodes
definition_list
qT)qU}qV(hU hh+hhh-}hUdefinition_listqWh }qX(h$]h%]h#]h"]qYhIah&]uh(Nh)hh3}qZhIhQsh]q[(cdocutils.nodes
definition_list_item
q\)q]}q^(hX+   Revisions
View document revision history_.
hhUhhhUdefinition_list_itemq_h }q`(h$]h%]h#]h"]h&]uh(K	h]qa(cdocutils.nodes
term
qb)qc}qd(hX	   Revisionsqehh]hhhUtermqfh }qg(h$]h%]h#]h"]h&]uh(K	h]qhh=X	   Revisionsqi…qj}qk(hhehhcubaubcdocutils.nodes
definition
ql)qm}qn(hU h }qo(h$]h%]h#]h"]h&]uhh]h]qpcdocutils.nodes
paragraph
qq)qr}qs(hX    View document revision history_.hhmhhhU	paragraphqth }qu(h$]h%]h#]h"]h&]uh(K	h]qv(h=X   View document revision qw…qx}qy(hX   View document revision hhrubcdocutils.nodes
reference
qz)q{}q|(hX   history_Uresolvedq}KhhrhU	referenceq~h }q(UnameX   historyq€UrefuriqX”   https://redmine.dataone.org/projects/d1/repository/changes/documents/Projects/cicore/architecture/api-documentation/source/design/UseCases/15_uc.txtq‚h"]h#]h$]h%]h&]uh]qƒh=X   historyq„…q…}q†(hU hh{ubaubh=X   .…q‡}qˆ(hX   .hhrubeubahU
definitionq‰ubeubh\)qŠ}q‹(hX§   Goal
Edit a user account.  This includes creating, deleting, editing

User Account Management - Create new user account on Identity Provider (also
edit, delete, ...).
hhUhhhh_h }qŒ(h$]h%]h#]h"]h&]uh(Kh)hh]q(hb)qŽ}q(hX   GoalqhhŠhhhhfh }q‘(h$]h%]h#]h"]h&]uh(Kh]q’h=X   Goalq“…q”}q•(hhhhŽubaubhl)q–}q—(hU h }q˜(h$]h%]h#]h"]h&]uhhŠh]q™(hq)qš}q›(hX?   Edit a user account.  This includes creating, deleting, editingqœhh–hhhhth }q(h$]h%]h#]h"]h&]uh(Kh]qžh=X?   Edit a user account.  This includes creating, deleting, editingqŸ…q }q¡(hhœhhšubaubhq)q¢}q£(hX`   User Account Management - Create new user account on Identity Provider (also
edit, delete, ...).q¤hh–hhhhth }q¥(h$]h%]h#]h"]h&]uh(Kh]q¦h=X`   User Account Management - Create new user account on Identity Provider (also
edit, delete, ...).q§…q¨}q©(hh¤hh¢ubaubehh‰ubeubh\)qª}q«(hXd  Summary
Perform basic account management operations. This process can be quite
complex depending on the identity provider in use and the security policies
that need to be addressed.

The use case and interaction presented here assumes a simplistic operation
that relies only upon email verification for the new account creation. A
more sophisticated interaction might include administrative approval of the
new account, selection of an identity provider to use, and assignment of
roles based on the level of approval and the nature of the selected identity
provider (i.e. trustworthiness of identity provider).

hhUhhhh_h }q¬(h$]h%]h#]h"]h&]uh(Kh)hh]q­(hb)q®}q¯(hX   Summaryq°hhªhhhhfh }q±(h$]h%]h#]h"]h&]uh(Kh]q²h=X   Summaryq³…q´}qµ(hh°hh®ubaubhl)q¶}q·(hU h }q¸(h$]h%]h#]h"]h&]uhhªh]q¹(hq)qº}q»(hX­   Perform basic account management operations. This process can be quite
complex depending on the identity provider in use and the security policies
that need to be addressed.q¼hh¶hhhhth }q½(h$]h%]h#]h"]h&]uh(Kh]q¾h=X­   Perform basic account management operations. This process can be quite
complex depending on the identity provider in use and the security policies
that need to be addressed.q¿…qÀ}qÁ(hh¼hhºubaubhq)qÂ}qÃ(hX«  The use case and interaction presented here assumes a simplistic operation
that relies only upon email verification for the new account creation. A
more sophisticated interaction might include administrative approval of the
new account, selection of an identity provider to use, and assignment of
roles based on the level of approval and the nature of the selected identity
provider (i.e. trustworthiness of identity provider).qÄhh¶hhhhth }qÅ(h$]h%]h#]h"]h&]uh(Kh]qÆh=X«  The use case and interaction presented here assumes a simplistic operation
that relies only upon email verification for the new account creation. A
more sophisticated interaction might include administrative approval of the
new account, selection of an identity provider to use, and assignment of
roles based on the level of approval and the nature of the selected identity
provider (i.e. trustworthiness of identity provider).qÇ…qÈ}qÉ(hhÄhhÂubaubehh‰ubeubh\)qÊ}qË(hXN   Actors
- New User

- Administrator

- Identity provider

- Coordinating Node

hhUhhhh_h }qÌ(h$]h%]h#]h"]h&]uh(K&h)hh]qÍ(hb)qÎ}qÏ(hX   ActorsqÐhhÊhhhhfh }qÑ(h$]h%]h#]h"]h&]uh(K&h]qÒh=X   ActorsqÓ…qÔ}qÕ(hhÐhhÎubaubhl)qÖ}q×(hU h }qØ(h$]h%]h#]h"]h&]uhhÊh]qÙcdocutils.nodes
bullet_list
qÚ)qÛ}qÜ(hU h }qÝ(UbulletqÞX   -h"]h#]h$]h%]h&]uhhÖh]qß(cdocutils.nodes
list_item
qà)qá}qâ(hX	   New User
h }qã(h$]h%]h#]h"]h&]uhhÛh]qähq)qå}qæ(hX   New Userqçhháhhhhth }qè(h$]h%]h#]h"]h&]uh(Kh]qéh=X   New Userqê…që}qì(hhçhhåubaubahU	list_itemqíubhà)qî}qï(hX   Administrator
h }qð(h$]h%]h#]h"]h&]uhhÛh]qñhq)qò}qó(hX   Administratorqôhhîhhhhth }qõ(h$]h%]h#]h"]h&]uh(K!h]qöh=X   Administratorq÷…qø}qù(hhôhhòubaubahhíubhà)qú}qû(hX   Identity provider
h }qü(h$]h%]h#]h"]h&]uhhÛh]qýhq)qþ}qÿ(hX   Identity providerr   hhúhhhhth }r  (h$]h%]h#]h"]h&]uh(K#h]r  h=X   Identity providerr  …r  }r  (hj   hhþubaubahhíubhà)r  }r  (hX   Coordinating Node

h }r  (h$]h%]h#]h"]h&]uhhÛh]r	  hq)r
  }r  (hX   Coordinating Noder  hj  hhhhth }r  (h$]h%]h#]h"]h&]uh(K%h]r  h=X   Coordinating Noder  …r  }r  (hj  hj
  ubaubahhíubehUbullet_listr  ubahh‰ubeubh\)r  }r  (hXR   Preconditions
- System is operational and policy is in place to accept new users.
hhUhhhh_h }r  (h$]h%]h#]h"]h&]uh(K)h)hh]r  (hb)r  }r  (hX   Preconditionsr  hj  hhhhfh }r  (h$]h%]h#]h"]h&]uh(K)h]r  h=X   Preconditionsr  …r  }r  (hj  hj  ubaubhl)r  }r   (hU h }r!  (h$]h%]h#]h"]h&]uhj  h]r"  hÚ)r#  }r$  (hU h }r%  (hÞX   -h"]h#]h$]h%]h&]uhj  h]r&  hà)r'  }r(  (hXB   System is operational and policy is in place to accept new users.
h }r)  (h$]h%]h#]h"]h&]uhj#  h]r*  hq)r+  }r,  (hXA   System is operational and policy is in place to accept new users.r-  hj'  hhhhth }r.  (h$]h%]h#]h"]h&]uh(K)h]r/  h=XA   System is operational and policy is in place to accept new users.r0  …r1  }r2  (hj-  hj+  ubaubahhíubahj  ubahh‰ubeubh\)r3  }r4  (hX,   Triggers
- A new user account is requested.
hhUhhhh_h }r5  (h$]h%]h#]h"]h&]uh(K,h)hh]r6  (hb)r7  }r8  (hX   Triggersr9  hj3  hhhhfh }r:  (h$]h%]h#]h"]h&]uh(K,h]r;  h=X   Triggersr<  …r=  }r>  (hj9  hj7  ubaubhl)r?  }r@  (hU h }rA  (h$]h%]h#]h"]h&]uhj3  h]rB  hÚ)rC  }rD  (hU h }rE  (hÞX   -h"]h#]h$]h%]h&]uhj?  h]rF  hà)rG  }rH  (hX!   A new user account is requested.
h }rI  (h$]h%]h#]h"]h&]uhjC  h]rJ  hq)rK  }rL  (hX    A new user account is requested.rM  hjG  hhhhth }rN  (h$]h%]h#]h"]h&]uh(K,h]rO  h=X    A new user account is requested.rP  …rQ  }rR  (hjM  hjK  ubaubahhíubahj  ubahh‰ubeubh\)rS  }rT  (hX   Post Conditions
- New account is created (if accepted)

- Access control rules for new account are specified

- Account information is replicated across CNs
hhUhhhh_h }rU  (h$]h%]h#]h"]h&]uh(K3h)hh]rV  (hb)rW  }rX  (hX   Post ConditionsrY  hjS  hhhhfh }rZ  (h$]h%]h#]h"]h&]uh(K3h]r[  h=X   Post Conditionsr\  …r]  }r^  (hjY  hjW  ubaubhl)r_  }r`  (hU h }ra  (h$]h%]h#]h"]h&]uhjS  h]rb  hÚ)rc  }rd  (hU h }re  (hÞX   -h"]h#]h$]h%]h&]uhj_  h]rf  (hà)rg  }rh  (hX%   New account is created (if accepted)
h }ri  (h$]h%]h#]h"]h&]uhjc  h]rj  hq)rk  }rl  (hX$   New account is created (if accepted)rm  hjg  hhhhth }rn  (h$]h%]h#]h"]h&]uh(K/h]ro  h=X$   New account is created (if accepted)rp  …rq  }rr  (hjm  hjk  ubaubahhíubhà)rs  }rt  (hX3   Access control rules for new account are specified
h }ru  (h$]h%]h#]h"]h&]uhjc  h]rv  hq)rw  }rx  (hX2   Access control rules for new account are specifiedry  hjs  hhhhth }rz  (h$]h%]h#]h"]h&]uh(K1h]r{  h=X2   Access control rules for new account are specifiedr|  …r}  }r~  (hjy  hjw  ubaubahhíubhà)r  }r€  (hX-   Account information is replicated across CNs
h }r  (h$]h%]h#]h"]h&]uhjc  h]r‚  hq)rƒ  }r„  (hX,   Account information is replicated across CNsr…  hj  hhhhth }r†  (h$]h%]h#]h"]h&]uh(K3h]r‡  h=X,   Account information is replicated across CNsrˆ  …r‰  }rŠ  (hj…  hjƒ  ubaubahhíubehj  ubahh‰ubeubeubcdocutils.nodes
comment
r‹  )rŒ  }r  (hXQ  @startuml images/15_seq.png
actor User
participant "Client" as app_client << Application >>
User -> app_client
participant "Authentication API" as c_authenticate << Coordinating Node >>
app_client -> c_authenticate: newAccount (user, pw)
app_client <-- c_authenticate: token or failure
User <-- c_authenticate: email confirmation
@endumlhh+hhhUcommentrŽ  h }r  (U	xml:spacer  Upreserver‘  h"]h#]h$]h%]h&]uh(K?h)hh]r’  h=XQ  @startuml images/15_seq.png
actor User
participant "Client" as app_client << Application >>
User -> app_client
participant "Authentication API" as c_authenticate << Coordinating Node >>
app_client -> c_authenticate: newAccount (user, pw)
app_client <-- c_authenticate: token or failure
User <-- c_authenticate: email confirmation
@endumlr“  …r”  }r•  (hU hjŒ  ubaubcdocutils.nodes
image
r–  )r—  }r˜  (hX   .. image:: images/15_seq.png
hh+hhhUimager™  h }rš  (UuriX!   design/UseCases/images/15_seq.pngr›  h"]h#]h$]h%]U
candidatesrœ  }r  U*j›  sh&]uh(KAh)hh]ubhq)rž  }rŸ  (hX)   *Figure 1.* Interactions for use case 15.r   hh+hhhhth }r¡  (h$]h%]h#]h"]h&]uh(KBh)hh]r¢  (cdocutils.nodes
emphasis
r£  )r¤  }r¥  (hX   *Figure 1.*h }r¦  (h$]h%]h#]h"]h&]uhjž  h]r§  h=X	   Figure 1.r¨  …r©  }rª  (hU hj¤  ubahUemphasisr«  ubh=X    Interactions for use case 15.r¬  …r­  }r®  (hX    Interactions for use case 15.hjž  ubeubhq)r¯  }r°  (hX	   **Notes**r±  hh+hhhhth }r²  (h$]h%]h#]h"]h&]uh(KEh)hh]r³  cdocutils.nodes
strong
r´  )rµ  }r¶  (hj±  h }r·  (h$]h%]h#]h"]h&]uhj¯  h]r¸  h=X   Notesr¹  …rº  }r»  (hU hjµ  ubahUstrongr¼  ubaubhÚ)r½  }r¾  (hU hh+hhhj  h }r¿  (hÞX   -h"]h#]h$]h%]h&]uh(KGh)hh]rÀ  (hà)rÁ  }rÂ  (hX³   By default, accounts have no real privileges. To get higher privileges,
users may have to jump through more hoops (such as verifying their
association with a project/institution)
hj½  hhhhíh }rÃ  (h$]h%]h#]h"]h&]uh(Nh)hh]rÄ  hq)rÅ  }rÆ  (hX²   By default, accounts have no real privileges. To get higher privileges,
users may have to jump through more hoops (such as verifying their
association with a project/institution)rÇ  hjÁ  hhhhth }rÈ  (h$]h%]h#]h"]h&]uh(KGh]rÉ  h=X²   By default, accounts have no real privileges. To get higher privileges,
users may have to jump through more hoops (such as verifying their
association with a project/institution)rÊ  …rË  }rÌ  (hjÇ  hjÅ  ubaubaubhà)rÍ  }rÎ  (hXŠ   Presumably, if we are using external identity providers this user account
management functionality isn't provided by the CN. Right? (PEA)
hj½  hhhhíh }rÏ  (h$]h%]h#]h"]h&]uh(Nh)hh]rÐ  hq)rÑ  }rÒ  (hX‰   Presumably, if we are using external identity providers this user account
management functionality isn't provided by the CN. Right? (PEA)rÓ  hjÍ  hhhhth }rÔ  (h$]h%]h#]h"]h&]uh(KKh]rÕ  h=X‰   Presumably, if we are using external identity providers this user account
management functionality isn't provided by the CN. Right? (PEA)rÖ  …r×  }rØ  (hjÓ  hjÑ  ubaubaubeubh)rÙ  }rÚ  (hX¡   .. _history: https://redmine.dataone.org/projects/d1/repository/changes/documents/Projects/cicore/architecture/api-documentation/source/design/UseCases/15_uc.txtU
referencedrÛ  Khh+hhhhh }rÜ  (hh‚h"]rÝ  hah#]h$]h%]h&]rÞ  hauh(KNh)hh]ubeubehU Utransformerrß  NUfootnote_refsrà  }rá  Urefnamesrâ  }rã  h€]rä  h{asUsymbol_footnotesrå  ]ræ  Uautofootnote_refsrç  ]rè  Usymbol_footnote_refsré  ]rê  U	citationsrë  ]rì  h)hUcurrent_linerí  NUtransform_messagesrî  ]rï  (cdocutils.nodes
system_message
rð  )rñ  }rò  (hU h }ró  (h$]UlevelKh"]h#]Usourcehh%]h&]UlineKUtypeUINFOrô  uh]rõ  hq)rö  }r÷  (hU h }rø  (h$]h%]h#]h"]h&]uhjñ  h]rù  h=X*   Hyperlink target "uc15" is not referenced.rú  …rû  }rü  (hU hjö  ubahhtubahUsystem_messagerý  ubjð  )rþ  }rÿ  (hU h }r   (h$]UlevelKh"]h#]Usourcehh%]h&]UlineKUtypejô  uh]r  hq)r  }r  (hU h }r  (h$]h%]h#]h"]h&]uhjþ  h]r  h=X-   Hyperlink target "index-0" is not referenced.r  …r  }r  (hU hj  ubahhtubahjý  ubeUreporterr	  NUid_startr
  KUautofootnotesr  ]r  Ucitation_refsr  }r  Uindirect_targetsr  ]r  Usettingsr  (cdocutils.frontend
Values
r  or  }r  (Ufootnote_backlinksr  KUrecord_dependenciesr  NUrfc_base_urlr  Uhttps://tools.ietf.org/html/r  U	tracebackr  ˆUpep_referencesr  NUstrip_commentsr  NUtoc_backlinksr  Uentryr  Ulanguage_coder  Uenr  U	datestampr   NUreport_levelr!  KU_destinationr"  NU
halt_levelr#  KUstrip_classesr$  Nh:NUerror_encoding_error_handlerr%  Ubackslashreplacer&  Udebugr'  NUembed_stylesheetr(  ‰Uoutput_encoding_error_handlerr)  Ustrictr*  Usectnum_xformr+  KUdump_transformsr,  NUdocinfo_xformr-  KUwarning_streamr.  NUpep_file_url_templater/  Upep-%04dr0  Uexit_status_levelr1  KUconfigr2  NUstrict_visitorr3  NUcloak_email_addressesr4  ˆUtrim_footnote_reference_spacer5  ‰Uenvr6  NUdump_pseudo_xmlr7  NUexpose_internalsr8  NUsectsubtitle_xformr9  ‰Usource_linkr:  NUrfc_referencesr;  NUoutput_encodingr<  Uutf-8r=  U
source_urlr>  NUinput_encodingr?  U	utf-8-sigr@  U_disable_configrA  NU	id_prefixrB  U U	tab_widthrC  KUerror_encodingrD  UUTF-8rE  U_sourcerF  hUgettext_compactrG  ˆU	generatorrH  NUdump_internalsrI  NUsmart_quotesrJ  ‰Upep_base_urlrK  U https://www.python.org/dev/peps/rL  Usyntax_highlightrM  UlongrN  Uinput_encoding_error_handlerrO  j*  Uauto_id_prefixrP  UidrQ  Udoctitle_xformrR  ‰Ustrip_elements_with_classesrS  NU_config_filesrT  ]Ufile_insertion_enabledrU  ˆUraw_enabledrV  KUdump_settingsrW  NubUsymbol_footnote_startrX  K UidsrY  }rZ  (hh+hIhUhh+hjÙ  uUsubstitution_namesr[  }r\  hh)h }r]  (h$]h"]h#]Usourcehh%]h&]uU	footnotesr^  ]r_  Urefidsr`  }ra  (hI]rb  hQah]rc  hauub.