Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
Actors: unidentified-user, cloud-subscriber, payment-broker, cloud-provider.
Goals: Cloud-provider opens a new account for an unidentified-user who then becomes a cloud-subscriber.
Assumptions: A cloud-provider's account creation web page describes the service offered and the payment mechanisms. An unidentified-user can access the cloud-provider's account creation web page.
Success Scenario: (open, IaaS, PaaS, SaaS): An unidentified-user accesses a cloud-provider's account creation web page. The unidentified-user provides: (1) a unique name for the new account; (2) information about the unidentified-user's financial; and (3) when the unidentified-user wants the account opened. The cloud-provider verifies the unidentified-user's financial information; if the information is deemed valid by cloud-provider, the unidentified-user becomes a cloud-subscriber and the cloud-provider returns authentication information that the cloud-subscriber can subsequently use to access the service.
Failure Conditions: (1) the unidentified-user does not provide a suitable name; (2) the financial information is not valid; (3) cloud-provider fails to notify the cloud-subscriber the account is open.
Failure Handling: For (1) and (2), new account is not created; For (3) See Use Case 3.2 below on failure handling related to notifications from cloud-provider to cloud-subscriber.