...
If a new Web application supports only a subset of operations that were originally supported by the previous Web application, then rules for those operations that exist in an access control policy are simply removed. In case a new application supports a superset of operations then all rules from an access control policy are retained. New rules for newly supported operations can be easily added to the policy. In case the set of operations differs from the operations as defined in an access control policy, a human intervention may be required to map names of old operations to the names of new operations.
Dimensions
- Scope: This use case touches the notion of Scope is so far as the moved resource is to be assigned the same Scope values.
- Cardinality: This use case involves multiple Hosts and multiple AMs, and as such it may have a high degree of cardinality.
- Nature of access to protected resource: This use case may require the nature of access to be determined. (In the diagram, an API method is indicated.
- Person-to-Self: This use case may be implemented in a manner that involves a Person-to-Self transaction, in the sense that the User that authorizes the move is also the same User that authorizes the new Web Application to accept the existing AM currently used by the User.