Versions Compared

Old Version 5

changes.mady.by.user Former user

Saved on

compared with

New Version 6

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Changed label of "prosed description" to "User Story" plus formatting fix

...

Communications Diagram

Sequence Diagram

...

User Story

Sally recently used a fourth party pRFP Broker, "BuyingNow", to post a personal RFP for a new car. The RFP was distributed to a specific list of contacts or "Vendors" with return communications to Sally's protected Inbox at "Messages, Inc.". Each Vendor is known to BuyingNow and are able to access BuyingNow's web services with an authenticated identity. When Sally published the pRFP, she provisioned BuyingNow as an Authorization Manager for her Messages, Inc. service.

After receiving notifications of the pRFP, several Vendors accessed the pRFP, hosted at " BuyingNow " as a UMA protected resource. One such Vendor, "Cars R Us", uploaded the details of the Sally's request in into its CRM system and, after automated analysis of Sally's reputation and financial credentials (provided as part of the pRFP), escalated the request to a Customer Contact Specialist, aka, a sales person.

...

BuyingNow authenticated the CRM system and authorized access to the SMTP server, which accepted the incoming message for Sally. Sally was notified through her phone -that she had an inquiry – as per her standing preference at Messages, Inc. for messages coming through Buying Now-that she had an inquiry. She activated her mobile app and answered the Specialist's question.

Unfortunately, the subsequent proposal from Cars R Us didn't meet Sally's needs and she removed Cars R Us from the authorized vendor list at Buying Now. After that, Cars R Us was unable to contact Sally, as the only contact information they had was the protected SMTP resource. Sally was able to winnow her list of vendors down and negotiate a great price for her new car without exposing her email address to potential SPAM leaks.

New Questions

  1. This use case suggests the possibility for multiple AMs for a single resource. Sally wants to authorize BuyingNow as an AM for her Messages, Inc. service while she's shopping for a new car, but most of the time, she uses "MyFriends" to make sure only her friends can send her messages. Can the current system handle multiple active AMs for a given protected resource?