What truths about the world do we assume as starting condition?
1) We are trying to build workflows that run on the real internet. Thus we assume that hackers are present at all times, and they will leverage any vulnerability to the same extent they would on any public website -- we are not assuming that there are disgruntle ex-workers who are targeting the sites unnecessarily, and we similarly do not assume that everybody will play nice. We say that these workflow run "outside of the firewall" and that means that they can be invoked from the internet outside the firewall, and they can make calls to other services outside the firewall. Other aspects of a workflow service might be protected by a firewall.
2) We assume that all services being called are valuable. Therefor they have need:
for controlling who can access them (access control),
for having an accurate record of who has accessed them (non repudiation).
for preventing others from seeing the information passed (privacy)
While there are free services available, and they might be needed for a workflow, they represent a simplified special case where the username/token can be relaxed. We will focus on the more general case that valuable services are being accessed securely.
3) Not every user is is registered in the same identity server.
4) A REST approach will be used. Data will be represented as resources which have addresses on the web. The resource can be retrieved using a GET operation, and manipulated with PUT, POST, and DELETE in a manner consistent with RESTFul principles.
Assumptions to Enable the Solution
5) Users will have globally unique IDs which any service can use to authenticate the user. Note that this does not mean that each person has only one ID -- a given person might have more than one user account. That is, a person may be required to have accounts at more than one place.
Last edited by Keith Swenson 12/17/2008(Effective date 12/17/2008)
You are viewing a static copy of
a project that was originally a wiki.
These pages can not be modified
at this location even though the page
may appear incomplete.
This copy was generated on
01/29/2012
and this project information has not been
changed since 12/17/2008.
Scenario Fundamental Assumptions
What truths about the world do we assume as starting condition?
1) We are trying to build workflows that run on the real internet. Thus we assume that hackers are present at all times, and they will leverage any vulnerability to the same extent they would on any public website -- we are not assuming that there are disgruntle ex-workers who are targeting the sites unnecessarily, and we similarly do not assume that everybody will play nice. We say that these workflow run "outside of the firewall" and that means that they can be invoked from the internet outside the firewall, and they can make calls to other services outside the firewall. Other aspects of a workflow service might be protected by a firewall.
2) We assume that all services being called are valuable. Therefor they have need:
While there are free services available, and they might be needed for a workflow, they represent a simplified special case where the username/token can be relaxed. We will focus on the more general case that valuable services are being accessed securely.
3) Not every user is is registered in the same identity server.
4) A REST approach will be used. Data will be represented as resources which have addresses on the web. The resource can be retrieved using a GET operation, and manipulated with PUT, POST, and DELETE in a manner consistent with RESTFul principles.
Assumptions to Enable the Solution
5) Users will have globally unique IDs which any service can use to authenticate the user. Note that this does not mean that each person has only one ID -- a given person might have more than one user account. That is, a person may be required to have accounts at more than one place.