From b39685219883a61c79d976577ea5ea9d0dbbd40d Mon Sep 17 00:00:00 2001 From: zenomt Date: Sun, 24 Nov 2019 15:44:36 -0800 Subject: [PATCH 1/2] add asymmetrical connectivity use cases --- UseCases.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/UseCases.md b/UseCases.md index 141b49f3..51b59837 100644 --- a/UseCases.md +++ b/UseCases.md @@ -51,3 +51,16 @@ - Blogs wants to read data about Alice’s interests - Alice does not want Blogs to get data about her interests - Blogs continually asks Alice to grant it access to her interests and Alice is annoyed with the incessant asking + - Alice uses or is developing http://localhost:8080 to view her photos + - Alice's Identity Provider can't reach Alice's `localhost:8080` + - Alice's Pod can't reach Alice's `localhost:8080` + - Alice uses https://coolcode.int.enterprise.example to edit code stored in Customer Bob's Pod + - *CoolCode* is deployed behind Enterprise.Example's company firewall + - *CoolCode* is proprietary to Enterprise.Example; or + - *CoolCode* is a commercial product that is deployed on-premises at Enterprise.Example's datacenter + - Alice's Identity Provider can't reach https://coolcode.int.enterprise.example + - Customer Bob's Pod can't reach https://coolcode.int.enterprise.example + - Alice uses https://photoOrganizer.example to organize photos on her company's private storage server https://storage.private.enterprise.example + - `storage.private.enterprise.example`'s TLS certificate is signed by Enterprise.Example's private Certificate Authority + - Alice's web browser is configured to trust Enterprise.Example's private Certificate Authority + - `storage.private.enterprise.example` is reachable from the public Internet, so Alice's Identity Provider and *photoOrganizer* could reach it; however, neither is configured to trust Enterprise.Example's private Certificate Authority From 2d00143bb849a9bc44344d0a8d9d2a5ae55963dc Mon Sep 17 00:00:00 2001 From: zenomt Date: Wed, 27 Nov 2019 15:17:44 -0800 Subject: [PATCH 2/2] UseCases changes per @jaxoncreed --- UseCases.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/UseCases.md b/UseCases.md index 51b59837..2f46e1ca 100644 --- a/UseCases.md +++ b/UseCases.md @@ -51,15 +51,15 @@ - Blogs wants to read data about Alice’s interests - Alice does not want Blogs to get data about her interests - Blogs continually asks Alice to grant it access to her interests and Alice is annoyed with the incessant asking - - Alice uses or is developing http://localhost:8080 to view her photos - - Alice's Identity Provider can't reach Alice's `localhost:8080` - - Alice's Pod can't reach Alice's `localhost:8080` - - Alice uses https://coolcode.int.enterprise.example to edit code stored in Customer Bob's Pod - - *CoolCode* is deployed behind Enterprise.Example's company firewall + - Alice uses, is developing, or is testing an app deployed to http://localhost:8080 + - Note that Alice's Identity Provider can't reach Alice's `localhost:8080` + - Note that Alice's Pod can't reach Alice's `localhost:8080` + - Alice uses an app deployed behind a NAT or firewall (while her browser is also behind the same NAT or firewall) that accesses resources outside the NAT or firewall; for example, Alice uses https://coolcode.int.enterprise.example to edit code stored in Customer Bob's Pod + - *CoolCode* is deployed behind Enterprise.Example's company firewall and is not dereferenceable from the outside, for example because - *CoolCode* is proprietary to Enterprise.Example; or - *CoolCode* is a commercial product that is deployed on-premises at Enterprise.Example's datacenter - - Alice's Identity Provider can't reach https://coolcode.int.enterprise.example - - Customer Bob's Pod can't reach https://coolcode.int.enterprise.example + - Note that Alice's Identity Provider can't reach https://coolcode.int.enterprise.example + - Note that Customer Bob's Pod can't reach https://coolcode.int.enterprise.example - Alice uses https://photoOrganizer.example to organize photos on her company's private storage server https://storage.private.enterprise.example - `storage.private.enterprise.example`'s TLS certificate is signed by Enterprise.Example's private Certificate Authority - Alice's web browser is configured to trust Enterprise.Example's private Certificate Authority