Unanticipated User

Owned by David Doret, created
Last updated: 11-13-2021
2 min read

Unanticipated User

[ 1 Alternative Forms ] [ 2 Definitions ] [ 2.1 Definition 1 ] [ 3 Related Terms ] [ 4 Quotes ] [ 5 Bibliography ] [ 6 See Also ]

Alternative Forms

N/A

Definitions

Definition 1

A user whose onboarding was not anticipated.

Unanticipated users may occur when the onboarding process is not established and followed, or when the circumstances that trigger the onboarding process are such that it couldn’t be followed.

The absence of a process to manage the unanticipated users may have adverse effects on the organization. When the onboarding process is not established or followed, it is a managerial issue. When the onboarding process couldn’t be followed, depending on requirements, self-registration, identity federation, ABAC, PBAC may help manage unanticipated users.

Quotes

3.3 Need to Support Unanticipated Users – The approach for establishing a requesters’ identity may be driven by the need to support entities that were not necessarily expected to require such access. For example, in a military operation, there may be a need to expand the involvement of personnel from other agencies e.g., intelligence analysts who were not initially anticipated. If the identity approach selected uses DoD credentials, each analyst identified initially would be issued a DoD credential. In this scenario, each new analyst identified would need to be issued a DoD credential. This would mean that each new analyst has to physically visit a DoD Registration Authority. That operator has to validate that the user’s registration is approved, establish the user’s true identity, registered him in a DoD repository of authorized users, and create and issue the user a PKI certificate.

The requester identity approach selected may be very appropriate for large user populations where users can be identified well in advance of their need for access. However, even if the approval, registration and issuance process could be expedited, the time required to register new personnel may have an adverse impact on the mission operation. It may be more effective to select an identification scheme that can recognize and authenticate identity credentials issued by other US federal agencies. Access control mechanisms such as ABAC and PBAC lend themselves to more sophisticated access control rules that can include provisions for allowing more flexible identification schemes

(, p. 3)

Bibliography

See Also

Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.

This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.