Versions Compared

Old Version 4

changes.mady.by.user Former user

Saved on

compared with

New Version 5

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added prose description

...

Communications Diagram

Sequence Diagram

Prose Description of Use Case

Sally recently used a fourth party pRFP Broker, "BuyingNow", to post a personal RFP for a new car. The RFP was distributed to a specific list of contacts or "Vendors" with return communications to Sally's protected Inbox at "Messages, Inc.". Each Vendor is known to BuyingNow and are able to access BuyingNow's web services with an authenticated identity. When Sally published the pRFP, she provisioned BuyingNow as an Authorization Manager

After receiving notifications of the pRFP, several Vendors accessed the pRFP, hosted at "BuyingNow" as a UMA protected resource. One such Vendor, "Cars R Us", uploaded the details of the Sally's request in its CRM system and, after automated analysis of Sally's reputation and financial credentials (provided as part of the pRFP), escalated the request to a Customer Contact Specialist, aka, a sales person.

Through their internal CRM system, the Specialist researched their inventory and sent a question to Sally to better understand her needs. To send that message, the Cars R Us CRM system accessed a protected SMTP resource hosted by "Messages Inc.".

BuyingNow authenticated the CRM system and authorized access to the SMTP server, which accepted the incoming message for Sally. Sally was notified through her phone-as per her standing preference at Messages, Inc. for messages coming through Buying Now-that she had an inquiry. She activated her mobile app and answered the Specialist's question.

Unfortunately, the subsequent proposal from Cars R Us didn't meet Sally's needs and she removed Cars R Us from the authorized vendor list at Buying Now. After that, Cars R Us was unable to contact Sally, as the only contact information they had was the protected SMTP resource. Sally was able to winnow her list of vendors down and negotiate a great price for her new car.

New Questions

  1. This use case suggests the possibility for multiple AMs for a single resource. Sally wants to authorize BuyingNow as an AM for her Messages, Inc. service while she's shopping for a new car, but most of the time, she uses "MyFriends" to make sure only her friends can send her messages. Can the current system handle multiple active AMs for a given protected resource?