Model Name : Community Member using public machine in the library.

Description of the Assumed Model:

Model Use Cases (Basic) :

1. Use Case Name :
   Use Case Description :
   Primary actor(s) :
   User Type :
   Technology Type :
   Vendor Type :
   Precondition :
   Trigger :
   Basic flow (today) : User logs in to the machine using their campus-issued credentials and a standard desktop login process; this gives them access to their network-based file space, etc., and perhaps other permissions on the desktop machine. Because they are using an "empowered" machine on the campus network (based on IP address) they can access all licensed material.
   Basic flow (proposed) : User logs in to the machine using their campus-issued credentials and a standard desktop login process. They access licensed material, are redirected to the campus IdP, authenticate once, and are redirected back to the resource. Additional accesses to licensed material do not require additional authentication events.
   Alternate flow(s) : authentication at the Shibboleth IdP is done using SPNEGO + credentials in the workstation; this makes the Shibboleth login transparent to the user. Options -- navigate the WAYF, use local navigation pages.

Model Name : Walk-in user (not community member) using public machine in the library.

Description of the Assumed Model:

Model Use Cases (Basic) :

1. Use Case Name :
   Use Case Description :
   Primary actor(s) :
   User Type :
   Technology Type :
   Vendor Type :
   Precondition :
   Trigger :
   Basic flow : a walk-in user sits at an "open access" machine in the library. No login is required to use the machine. The user attempts to access licensed material, is redirected to the campus IdP, is auto-magically authenticated using the Univ of Washington's mod_auth_location Apache plugin (http://staff.washington.edu/fox/authlocation/), which maps an IP address to a user identity (e.g. GUEST1, which possesses a specific set of permissions, perhaps less than a community member), and is redirected back to the resource.
   Alternate flow(s) : a walk-in user sits at an "open access" machine in the library. A library staff member logs them into the machine. The user attempts to access licensed material, is redirected to the campus IdP, is auto-magically authenticated to the Shibboleth IdP using SPNEGO and the desktop credentials, which possess a specific set of permissions, perhaps less than a community member, and is redirected back to the resource.
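
The IP-address-to-identity mapping in the basic flow above, as an added sketch in Python (not code from mod_auth_location or from this page). The table format, the subnets (documentation ranges) and GUEST2 are assumptions; only GUEST1 comes from the page.

```python
import ipaddress

# Constructed sample table: open-access subnets -> guest identity.
# Subnets are documentation ranges; GUEST2 is a hypothetical second identity.
LOCATION_MAP = [
    ("192.0.2.0/24", "GUEST1"),
    ("192.0.2.128/26", "GUEST2"),    # more specific range, must win
    ("2001:db8:10::/48", "GUEST1"),
]

def build_table(entries):
    """Parse CIDR strings and order them so the longest prefix matches first."""
    # strict=True rejects entries with host bits set (e.g. a mistyped mask).
    table = [(ipaddress.ip_network(cidr, strict=True), ident)
             for cidr, ident in entries]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table

TABLE = build_table(LOCATION_MAP)

def identity_for(peer_addr, table=TABLE):
    """Map a connection's peer address to a guest identity.

    Returns None when the address is unparseable or outside every mapped
    range; the caller then falls back to an interactive IdP login.
    """
    try:
        addr = ipaddress.ip_address(peer_addr)
    except ValueError:
        return None
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for net, ident in table:
        if addr.version == net.version and addr in net:
            return ident
    return None

def resolve(request):
    """Decide the identity for a request (hypothetical dict shape).

    Only the TCP peer address is trusted. Client-supplied headers such as
    X-Forwarded-For are ignored, since any client can set them.
    """
    return identity_for(request["peer"])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.130", "198.51.100.7"):
        print(ip, "->", identity_for(ip))
```

The guest identity is only as trustworthy as the address assignment on the mapped subnets, so the table should list only ranges reserved for the open-access machines.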

Model Name : Community Member using campus wireless network while in the Library

Description of the Assumed Model:

Model Use Cases (Basic) :

1. Use Case Name :
   Use Case Description :
   Primary actor(s) :
   User Type :
   Technology Type :
   Vendor Type :
   Precondition :
   Trigger :
   Basic flow : user enters the library carrying a laptop; they log on to the campus network using their campus-issued credentials; they proceed as above in the (login required) use case.
   Alternate flow(s) :

Model Name : Walkin User using campus wireless network while in the Library, using eduROAM credentials

Description of the Assumed Model:

Model Use Cases (Basic) :

1. Use Case Name :
   Use Case Description :
   Primary actor(s) :
   User Type :
   Technology Type :
   Vendor Type :
   Precondition :
   Trigger :
   Basic flow : walk-in user enters the library carrying a laptop; they log on to the campus network via eduROAM; they access licensed material, are redirected to their HOME campus IdP (not the local campus IdP), authenticate once, and are redirected back to the resource. (No access is granted on the basis of IP address.)
   Alternate flow(s) :