[UC] Agent Notification upon Access Control change #205

@jaxoncreed

As an agent,
I want to be alerted of resources when I have been added to/removed from access control,
So that I can be aware of all resources I have access to.

Preconditions:

What conditions must be in place or assumed before this use case can begin?

  • Some concept of "resources" exists
  • Access control systems can have agents added to them
  • In the case of attribute access control: it's assumed that attributes have an "issuer," some authority that issues this attribute to an agent. This could be implemented as a verifiable credential or some other mechanism. It is also assumed that each "attribute" is associated with an issuer or group of issuers. For example "I have given read access to all persons over the age of 18 according to an issuer from this list of government entities."

Trigger:

What (user or system) event or action initiates this use case?

  • An agent's access to a resource is added/removed
  • In the case of attribute-based access control, the trigger would be that access has been added/removed from an attribute.

Actors:

Describe the primary actor, and any other relevant actors involved in this use case

  • Storage Server
  • Some Agent that had its access added/removed
  • In the case of attribute-based access control, the issuer of the attribute that was added/removed

Distinction:

What unique challenges or distinguishing factors (like technical issues, user experience needs, workflow integration, etc.) are associated with this use case?

  • Networking scalability
  • Preventing spam from overloading agents/servers

Scenario:

Describe an ideal or happy-case scenario where this use case would play out as intended.

  • Access is added/removed for a resource
  • The storage server discovers some way to notify the agents added/removed
  • The agent is notified and may do what it wants with that information (for example, updating a personal index)

Alternative case(s):

What alternative flows or variations should the system handle for this use case?

In the case of attribute-based access control:

  • Access is added/removed for a resource for an attribute
  • The storage server discovers some way to notify the issuer associated with that attribute
  • The issuer is notified and may do what it wants with that information (for example, updating an index)

Error scenario:

What unexpected issues or errors might arise, and how should the system handle them?

  • Cannot discover the agent: the server ignores it

Acceptance Criteria:

What conditions or criteria must be met for this use case to be considered successfully handled? What limitations are acceptable?

References:

List any relevant resources or examples that could inform this use case, possibly from other domains or solutions.

Labels: triage (Issues needing triage), usecase (LWS Use Case)