Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
Actors: unidentified-user, cloud-subscriber, cloud-provider.
Goals: Cloud-provider terminates a cloud-subscriber's account.
Assumptions: A cloud-provider determines that a cloud-subscriber's account should be terminated per the terms of the SLA. The issue of multiple accounts for a cloud-subscriber is not considered part of the scope of this use case, nor is the issue of retaining sufficient information to recognize an abusive cloud-subscriber trying to create a new account to continue the abuse.
Success Scenarios: (terminate, IaaS, PaaS, SaaS): Possible reasons for termination may be that the cloud-subscriber has violated acceptable usage guidelines (e.g., by storing illegal content, conducting cyber attacks, or misusing software licenses), or that the cloud-subscriber is no longer paying for service. The cloud-provider sends a notice to the cloud-subscriber explaining the termination event and any actions the cloud-subscriber may take to avoid it (e.g., paying overdue bills, deleting offending content) or to gracefully recover data. Optionally, the cloud-provider may freeze the cloud-subscriber's account pending resolution of the issues prompting the termination.
If the cloud-subscriber can pay for disposition of data currently stored in the cloud-provider's system, and performing the requested disposition actions is legal, the cloud-provider performs the requested actions, charges the cloud-subscriber according to the terms of the service, notifies the cloud-subscriber that the account has been terminated, deletes the cloud-subscriber's payment information from the cloud-provider's system, and revokes the cloud-subscriber's identity credentials. At this point, the cloud-subscriber becomes an unidentified-user.
Failure Conditions and Handling: If a cloud-subscriber prevents the termination by correcting the reason for termination (e.g., paying a late bill), then that could be seen as a failure of the use case in the sense that the termination does not occur.
Credit: Various cloud-provider SLAs and customer agreements