ATH-UC-05: Authentication using an eID

Use case ID

ATH-UC-01-AF-01

Use case name

Create a new account for a citizen using a security code via a mobile application

Actors

• Citizen

Short Description

Create an account for the citizen. To do so, the citizen tries to authenticate himself/herself via the mobile application interface. The IDP detects that it consists on a first authentication and redirects the user to the CSAM portal. Hence, the citizen creates a new account by using a third party application called Mydigipass to have a security code.

Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

• The citizen has not an account

• The citizen has:

• an email address

• an account in the web application Mygipass (via an e-mail address)

• a smartphone with the application Mygipass

Post-Conditions

• The citizen has an account

• The citizen knows his credentials (the username, the password)

Steps

0

The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)

1

The citizen connects for the first time to the application

2

The application sends a request message to the SP

3

The SP sends a request message (i.e. ask authentication get SSO token) to the IDP

4

The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA

5

The IDP contact CSAM to ask it to create the certificate to the citizen (first authentication)

6

The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and security code)

8

The citizen sends his/her credentials

9

The CSAM sends the credentials/certificate to the IDP

10

The IDP sends a response message to the SP to inform it that the citizen is now authenticated and identified

11

The SP returns a response message to the application to enable a first connection

Exceptions (exception flows)

• The citizen made an error when editing his/her credentials

• The creation is aborted (e.g. loss of connection)

• The security code has expired

Frequency

• Every time for a new citizen needs to create a new account via the mobile application Mydigipaas

Use case ID

ATH-UC-01-AF-02

Use case name

Create a new account for a citizen using itsme

Actors

• Citizen

Short Description

Create an account for the citizen. To do so, the citizen tries to authenticate himself/herself via the mobile application interface. The IDP detects that it consists on a first authentication and redirects the user to the CSAM portal. Hence, the citizen creates a new account by using his/her account on itsme.

Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

• The citizen has not an account

• The citizen has:

• a phone number

• an account in itsme

• a smartphone with the application itsme

• a five secure code to confirm the operation on itsme

Post-Conditions

• The citizen has an account

• The citizen knows his credentials (the username, the password)

Steps

0

The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)

1

The citizen connects for the first time to the application

2

The application sends a request message to the SP

3

The SP sends a request message (i.e. ask authentication get SSO token) to the IDP

4

The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA

5

The IDP contact CSAM to ask it to create the certificate to the citizen (first authentication)

6

The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code)

10

The citizen sends his/her credentials

11

The CSAM sends the credentials/certificate to the IDP

12

The IDP sends a response message to the SP to inform it that the citizen is now authenticated and identified

The SP returns a response message to the application to enable a first connection

Exceptions (exception flows)

• The citizen made an error when editing his/her credentials (e.g. phone number)

• The creation is aborted (e.g. loss of connection)

Frequency

• Every time for a new citizen needs to create a new account via itsme

Use case ID

ATH-UC-01-EF-01

Use case name

The citizen made an error when editing his/her credentials

Actors

• Citizen

Short Description

This use case represents the situation when the citizen is trying to create a new account in the CSAM portal and he/she make an error when entering his/her credentials (e.g. an error un the e-mail address, an error in the password, etc.). This exception flow may be triggered by the basic flow and any alternative one.

Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

• The citizen has not an account

• The citizen has:

• an e-mail address

• an eID card

• a code PIN of his/her eID card

• an account in the web application Mygipass

• a wireless card reader

Post-Conditions

• The creation of the account falls

Steps

0

The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)

1

The citizen connects for the first time to the application

2

The application sends a request message to the SP

3

The SP sends a request message (i.e. ask authentication get SSO token) to the IDP

4

The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA

5

The IDP contact CSAM to ask it to create the certificate to the citizen (first authentication)

6

The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code)

7

The citizen makes an error when entering his/her credentials to the CSAM

Frequency

• Every time for a new citizen needs to create a new account

Use case ID

ATH-UC-01-EF-02

Use case name

The creation is aborted (e.g. loss of connection)

Actors

• Citizen

Short Description

It denotes the exception use case when the citizen loses the connection and he/she will not be able to finish the authentication. It may happens at any step of the basic and alternative flows.

Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

• The citizen has not an account

• The citizen has:

• an e-mail address

• an eID card

• a code PIN of his/her eID card

• an account in the web application Mygipass

• a wireless card reader

Post-Conditions

• The authentication is interrupted

Steps (basic flow)

Frequency

• Every time for a new citizen needs to create a new account and loses the connection

Use case ID

ATH-UC-01-EF-03

Use case name

The secure code has expired

Actors

• Citizen

Short Description

It is an exception that the citizen may encounter when he/she tries to connect to CSAM portal via the mobil application Mydigipass. Indeed, this application creates a secure code that is available only for 30 seconds and the citizen should finish the connection before the expiration of the code.

Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

• The citizen has not an account

• The citizen has:

• an e-mail address

• an account in the web application Mygipass

Post-Conditions

• The authentication is interrupted

Steps (basic flow)

0

The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)

1

The citizen connects for the first time to the application

2

The application sends a request message to the SP

3

The SP sends a request message (i.e. ask authentication get SSO token) to the IDP

4

The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA

5

The IDP contact CSAM to ask it to create the certificate to the citizen (first authentication)

6

The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code)

7

The citizen connects to the Mydigipass application using his/her e-mail address to get the secure code

8

The secure code expired

Frequency

• Every time for a new citizen needs to create a new account using the mobile application Mydigipass and the secure code exipres

Use case ID

ATH-UC-01-EF-04

Use case name

The PIN of the eID card is not correct

Actors

• Citizen

Short Description

It denotes the use cas when the citizen tries to connect to the CSAM with his/her eID card and fails in entering the PIN.

Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

• The citizen has not an account

• The citizen has:

• an e-mail address

• an eID card

• a code PIN of his/her eID card

• a wireless card reader

Post-Conditions

• The authentication is interrupted

Steps (basic flow)

0

The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)

1

The citizen connects for the first time to the application

2

3

The SP sends a request message (i.e. ask authentication get SSO token) to the IDP

4

The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA

5

The IDP contacts the CSAM to ask it to create the certificate to the citizen (first authentication)

6

The CSAM opens a new web browser page to invite the citizen to enter his/her credentials using the eID card

7

The citizen tries to send his/her credentials with a wrong PIN.

8

The authentication is interrupted

Frequency

• Every time for a new citizen needs to create a new account and enter a wrong PIN