This version is a draft and will be enhanced as the sprints progress.
Used documentation
Cookbook/materials | Version | Location |
---|---|---|
Identity & Authorization Management (I.AM) - Overview | 1.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/c87f7d093e56ff1054c73d6aae09e0bb?filename=ehealth_i.am_-_overv |
Identity & Authorization Management (I.AM) - Identity Provider (IDP) | 1.0 | https://www.ehealth.fgov.be/ehealthplatform/fr/data/file/view/d43784683d86392e68f1a95b860f721170f30c7b?name=ehealth_i.am_-_idp_v1.0.pdf |
CSAM YouTube channel | - | https://www.youtube.com/channel/UCzMGudd9xdMeGjYpbpjsXFw |
General information
TBC
Basic flow
Flow | Specification | ||
---|---|---|---|
Use case ID | ATH-UC-05-BF | ||
Use case name | Authentication using an eID card | ||
Actors |
| ||
Short Description | Create an account for the citizen. To do so, the citizen tries to authenticate himself/herself via the mobile application interface. The Identity Provider (IDP) detects that this is a first authentication and redirects the user to the CSAM portal. The citizen then creates a new account by presenting his/her eID card for the first time. To connect his/her eID card, the citizen should have a wireless card reader. | ||
Priority | 1 (High) Must have: The system must implement this goal/assumption to be accepted. | ||
Pre-Conditions |
| ||
Post-Conditions |
| ||
Steps (basic flow) | 0 | The citizen accesses the application interface (i.e. WebSSO) to create an account (first authentication) | |
1 | The citizen connects for the first time to the application | ||
2 | The application sends a request message to the Service Provider (SP) | ||
3 | The SP sends a request message (i.e. an authentication request to obtain an SSO token) to the IDP | ||
4 | The IDP checks the identity of the citizen and does not find it in the authentic data source via the AA | ||
5 | The IDP contacts the CSAM to ask it to create the certificate for the citizen (first authentication) | ||
6 | The CSAM opens a new web browser page to invite the citizen to enter his/her credentials using the eID card | ||
7 | The citizen sends his/her credentials | ||
8 | The CSAM returns the credentials/certificate to the IDP | ||
9 | The IDP sends a response message to the SP to inform it that the citizen is now authenticated and identified | ||
10 | The SP returns a response message to the application to enable a first connection | ||
Exceptions (exception flows) |
| ||
Frequency |
|
Alternative flow 1
Flow | Specification | ||
---|---|---|---|
Use case ID | ATH-UC-01-AF-01 | ||
Use case name | Create a new account for a citizen using a security code via a mobile application | ||
Actors |
| ||
Short Description | Create an account for the citizen. To do so, the citizen tries to authenticate himself/herself via the mobile application interface. The IDP detects that this is a first authentication and redirects the user to the CSAM portal. The citizen then creates a new account by using a third-party application called Mydigipass to obtain a security code. | ||
Priority | 1 (High) Must have: The system must implement this goal/assumption to be accepted. | ||
Pre-Conditions |
| ||
Post-Conditions |
| ||
Steps | 0 | The citizen accesses the application interface (i.e. WebSSO) to create an account (first authentication) | |
1 | The citizen connects for the first time to the application | ||
2 | The application sends a request message to the SP | ||
3 | The SP sends a request message (i.e. an authentication request to obtain an SSO token) to the IDP | ||
4 | The IDP checks the identity of the citizen and does not find it in the authentic data source via the AA | ||
5 | The IDP contacts CSAM to ask it to create the certificate for the citizen (first authentication) | ||
6 | The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and security code) | ||
7 | The citizen connects to the Mydigipass application using his/her e-mail address to get the security code | ||
8 | The citizen sends his/her credentials | ||
9 | The CSAM sends the credentials/certificate to the IDP | ||
10 | The IDP sends a response message to the SP to inform it that the citizen is now authenticated and identified | ||
11 | The SP returns a response message to the application to enable a first connection | ||
Exceptions (exception flows) |
| ||
Frequency |
|
Alternative flow 2
Flow | Specification | ||
---|---|---|---|
Use case ID | ATH-UC-01-AF-02 | ||
Use case name | Create a new account for a citizen using itsme | ||
Actors |
| ||
Short Description | Create an account for the citizen. To do so, the citizen tries to authenticate himself/herself via the mobile application interface. The IDP detects that this is a first authentication and redirects the user to the CSAM portal. The citizen then creates a new account by using his/her account on itsme. | ||
Priority | 1 (High) Must have: The system must implement this goal/assumption to be accepted. | ||
Pre-Conditions |
| ||
Post-Conditions |
| ||
Steps | 0 | The citizen accesses the application interface (i.e. WebSSO) to create an account (first authentication) | |
1 | The citizen connects for the first time to the application | ||
2 | The application sends a request message to the SP | ||
3 | The SP sends a request message (i.e. an authentication request to obtain an SSO token) to the IDP | ||
4 | The IDP checks the identity of the citizen and does not find it in the authentic data source via the AA | ||
5 | The IDP contacts CSAM to ask it to create the certificate for the citizen (first authentication) | ||
6 | The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code) | ||
7 | The citizen chooses the authentication option itsme | ||
8 | The citizen enters his/her phone number recognized by itsme | ||
9 | The citizen connects to the itsme application and confirms the operation | ||
10 | The citizen sends his/her credentials | ||
11 | The CSAM sends the credentials/certificate to the IDP | ||
12 | The IDP sends a response message to the SP to inform it that the citizen is now authenticated and identified | ||
13 | The SP returns a response message to the application to enable a first connection | ||
Exceptions (exception flows) |
| ||
Frequency |
|
Exception flow 1
Specification | ||
---|---|---|
Use case ID | ATH-UC-01-EF-01 | |
Use case name | The citizen made an error when editing his/her credentials | |
Actors |
| |
Short Description | This use case represents the situation where the citizen is trying to create a new account in the CSAM portal and he/she makes an error when entering his/her credentials (e.g. an error in the e-mail address, an error in the password, etc.). This exception flow may be triggered by the basic flow and any alternative one. | |
Priority | 1 (High) Must have: The system must implement this goal/assumption to be accepted. | |
Pre-Conditions |
| |
Post-Conditions |
| |
Steps | 0 | The citizen accesses the application interface (i.e. WebSSO) to create an account (first authentication) |
1 | The citizen connects for the first time to the application | |
2 | The application sends a request message to the SP | |
3 | The SP sends a request message (i.e. an authentication request to obtain an SSO token) to the IDP | |
4 | The IDP checks the identity of the citizen and does not find it in the authentic data source via the AA | |
5 | The IDP contacts CSAM to ask it to create the certificate for the citizen (first authentication) | |
6 | The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code) | |
7 | The citizen makes an error when entering his/her credentials to the CSAM | |
Frequency |
|
Exception flow 2
Specification | ||
---|---|---|
Use case ID | ATH-UC-01-EF-02 | |
Use case name | The creation is aborted (e.g. loss of connection) | |
Actors |
| |
Short Description | It denotes the exception use case where the citizen loses the connection and is not able to finish the authentication. It may happen at any step of the basic and alternative flows. | |
Priority | 1 (High) Must have: The system must implement this goal/assumption to be accepted. | |
Pre-Conditions |
| |
Post-Conditions |
| |
Steps (basic flow) | ||
Frequency |
|
Exception flow 3
Specification | ||
---|---|---|
Use case ID | ATH-UC-01-EF-03 | |
Use case name | The secure code has expired | |
Actors |
| |
Short Description | It is an exception that the citizen may encounter when he/she tries to connect to the CSAM portal via the mobile application Mydigipass. This application creates a secure code that is valid only for 30 seconds, and the citizen should finish the connection before the code expires. | |
Priority | 1 (High) Must have: The system must implement this goal/assumption to be accepted. | |
Pre-Conditions |
| |
Post-Conditions |
| |
Steps (basic flow) | 0 | The citizen accesses the application interface (i.e. WebSSO) to create an account (first authentication) |
1 | The citizen connects for the first time to the application | |
2 | The application sends a request message to the SP | |
3 | The SP sends a request message (i.e. an authentication request to obtain an SSO token) to the IDP | |
4 | The IDP checks the identity of the citizen and does not find it in the authentic data source via the AA | |
5 | The IDP contacts CSAM to ask it to create the certificate for the citizen (first authentication) | |
6 | The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code) | |
7 | The citizen connects to the Mydigipass application using his/her e-mail address to get the secure code | |
8 | The secure code expired | |
Frequency |
|
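An added example, not part of the original specification and not CSAM or Mydigipass code: it shows how a verifier can tell an expired secure code (this exception flow) from a mistyped one (exception flow 1). It assumes the code is an RFC 6238 TOTP with a 30-second step, which the page does not confirm; the secret, function names and `lookback` parameter are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a secure code stays valid, as stated in exception flow 3


def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 code for the 30-second window containing `at` (Unix seconds)."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def check_code(secret: bytes, submitted: str, now: int, lookback: int = 4) -> str:
    """Classify a submitted code as 'ok', 'expired' or 'invalid'.

    'expired' means the code was correct in one of the last `lookback`
    windows; it is still rejected. Keep the distinction for logging and
    for prompting a retry, not for accepting the code.
    """
    candidate = submitted.encode()
    # Constant-time comparison against the code of the current window.
    if hmac.compare_digest(candidate, totp(secret, now).encode()):
        return "ok"
    for age in range(1, lookback + 1):
        past = now - age * STEP
        if past < 0:
            break
        if hmac.compare_digest(candidate, totp(secret, past).encode()):
            return "expired"
    return "invalid"


if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed sample secret (RFC 6238 test key)
    issued_at = 1111111109         # constructed timestamp, last second of a window
    code = totp(key, issued_at)
    print(check_code(key, code, issued_at))      # typed in time
    print(check_code(key, code, issued_at + 2))  # window rolled over
    print(check_code(key, "12345", issued_at))   # wrong length, never matches
```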
Exception flow 4
Specification | ||
---|---|---|
Use case ID | ATH-UC-01-EF-04 | |
Use case name | The PIN of the eID card is not correct | |
Actors |
| |
Short Description | It denotes the use case where the citizen tries to connect to the CSAM with his/her eID card and fails to enter the correct PIN. | |
Priority | 1 (High) Must have: The system must implement this goal/assumption to be accepted. | |
Pre-Conditions |
| |
Post-Conditions |
| |
Steps (basic flow) | 0 | The citizen accesses the application interface (i.e. WebSSO) to create an account (first authentication) |
1 | The citizen connects for the first time to the application | |
2 | The application sends a request message to the Service Provider (SP) | |
3 | The SP sends a request message (i.e. an authentication request to obtain an SSO token) to the IDP | |
4 | The IDP checks the identity of the citizen and does not find it in the authentic data source via the AA | |
5 | The IDP contacts the CSAM to ask it to create the certificate for the citizen (first authentication) | |
6 | The CSAM opens a new web browser page to invite the citizen to enter his/her credentials using the eID card | |
7 | The citizen tries to send his/her credentials with a wrong PIN. | |
8 | The authentication is interrupted | |
Frequency |
|