Use Cases
Description: User stories that provide a high-level view of ICAM business processes.
Audience: ICAM Enterprise Architects; Business line and/or unit managers
The diagram below is intended to provide an overview of ICAM business processes and help you navigate the use cases found on subsequent pages. The diagram splits into two main processes: those for users whose information is stored by the agency, such as its employees and contractors, and those for users whose information is managed externally and is leveraged through a federated process. At the bottom of the page is a list of common business processes, or use cases, encountered in the ICAM environment. Although the diagram shows the processes in a left-to-right, linear way, the important aspect is that the processes performed in one area are leveraged and built upon in the others. Each node of the diagram ties to one of the use cases listed below.
Each use case includes a high-level summary of the scenario, illustrations that depict the required steps to achieve the end goal, conditions that should be met before and as a result of the use case, individuals and systems involved in the use case, and an indication of the high-level area (Identity, Credential, or Access Management) and specific service with which the use case most closely aligns.
While each use case describes a particular ICAM business process, the use cases are highly interrelated. The activities and technologies represented in the use cases have been generalized to maximize applicability across agencies. Many lower-level functions and process details that may be more agency-specific are not addressed in this architecture, as agencies are expected to perform a separate analysis of their systems and processes to achieve the appropriate alignment with the broader use cases. The ICAM use cases can be interwoven or built upon to support specific agency use case scenarios.
List of FICAM Use Cases
1. Create and Maintain an Identity
2. Proof an Identity at Level of Assurance 2
3. Proof an Identity at Level of Assurance 3
4. Proof an Identity at Level of Assurance 4
5. Resolve an Identity Internal to an Agency
6. Create and Issue Level of Assurance 2 Credential
7. Create and Issue Level of Assurance 3 Credential
8. Create and Issue Level of Assurance 4 Credential
9. Create and Issue Derived PIV
10. Maintain Credential - Reset
11. Maintain Credential - Renew
12. Maintain Credential - Revoke
13. Administer Digital Access Policies
14. Manage Entitlements
15. Grant Access to a Protected Resource
16. Authenticate a User
17. Authorize Access - Static
18. Authorize Access - Dynamic
19. Exchange Attributes in a Federation
20. Accept Credentials in a Federation
Background & Key Revisions
To simplify the existing use cases, an emphasis has been placed on graphics rather than long, descriptive text. Focus has also been shifted from current-state processes to the target-state environment. The scope of the use cases has been limited by removing those that were out of scope, combining similar concepts, and adding or expanding cases to cover gaps, such as federation, common access models, and process differences related to Level of Assurance (LOA).