THIS SPACE IS UNDER CONSTRUCTION

/!\ The 'mobile application' columns of all use cases must be changed to 'application'

Acronyms

Acronyms | Meaning
FAS | Federal Authentication Service (aka CSAM)

Used documentation

General information

The figure below gives an overview of the interactions between the different services of the e-health platform involved in IAM. Note that the presented architecture is specific to the WebSSO solution.



Basic flow (EID)

Flow | Specification





Use case ID

UC-001-EID

Use case name

Authentication using an eID card

Actors

  • Citizen

  • Healthcare giver
  • Representative of an institution

Short Description

This use case denotes the authentication of a user via an eID card.

Priority

1 (High)

Must have: The system must implement this goal/assumption to be accepted.

Pre-Conditions

  • The user already has an account

  • The user has:

    • an eID card

    • the PIN code of his/her eID card

    • a card reader

Post-Conditions

  • The user is authenticated

  • The user has access to the services of the mobile application

Steps (basic flow)

0. The user accesses the WebSSO application interface to authenticate him/herself and chooses the eID option
1. The user connects using his/her credentials (eID card + PIN) and the card reader
2. The application sends an access request to the SP
3. The SP sends a request message to the AS to access the IDP
4. The AS sends a message to the IDP to identify the non-authenticated user
5. The IDP checks the identity of the user with the AA
6. The IDP sends a response message to the AA to inform it that the user is identified
7. The AS sends a message with the identity of the user to the SP
8. The SP returns a response message to the application to enable the authentication
9. The user is authenticated and can use the services of the mobile application

Exceptions (exception flows)

  • The PIN of the eID card is not correct

  • The creation is aborted (e.g. loss of connection, problem with the card reader, the session is expired)

Frequency

  • Every time the user needs to authenticate to the mobile application


Exception flow 1

Specification

Use case ID

UC-001-EID-EF-01

Use case name

The PIN of the eID card is not correct

Actors

  • Citizen

  • Representative of an institution
  • Healthcare giver

Short Description

This use case covers the situation where the user tries to authenticate with his/her eID card and fails to enter the correct PIN.

Priority

1 (High)

Must have: The system must implement this goal/assumption to be accepted.

Pre-Conditions

  • The user already has an account

  • The user has:

    • an eID card
    • the PIN code of his/her eID card

    • a card reader

Post-Conditions

  • The authentication is interrupted
  • An error message should be displayed

Steps (basic flow)

0. The user accesses the WebSSO application interface to authenticate him/herself and chooses the eID option
1. The user tries to connect using a wrong PIN code
2. The authentication is interrupted

Frequency

  • Every time a user needs to authenticate him/herself and enters a wrong PIN code

Exception flow 2

Specification

Use case ID

UC-001-EID-EF-02

Use case name

The creation is aborted (e.g. loss of connection, problem with the card reader, the session is expired)

Actors

  • Citizen

  • Representative of an institution
  • Healthcare giver

Short Description

This exception use case covers the situation where the user loses the connection and is unable to finish the authentication. It may happen at any step of the basic and alternative flows.

Priority

1 (High)

Must have: The system must implement this goal/assumption to be accepted.

Pre-Conditions

  • The user already has an account

  • The user has:

    • an eID card

    • the PIN code of his/her eID card

    • a card reader

Post-Conditions

  • The authentication is interrupted

  • An error message should be displayed

Steps (basic flow)



Frequency

  • Every time a user needs to authenticate him/herself and loses the connection

Alternative flow 1 (itsme):

Flow | Specification










Use case ID

UC-001-ITSME

Use case name

Authentication using itsme

Actors

  • Citizen

  • Healthcare giver
  • Representative of an institution

Short Description

This use case denotes the authentication of a user via itsme.

Priority

1 (High)

Must have: The system must implement this goal/assumption to be accepted.

Pre-Conditions

  • The user has an account

  • The user has:

    • a phone number

    • an account in itsme

    • a smartphone with the itsme application

    • a five-digit secure code to confirm the operation on itsme

Post-Conditions

  • The user is authenticated

  • The user has access to the services of the mobile application

Steps (basic flow)

0. The user accesses the WebSSO application interface to authenticate him/herself
1. The user chooses to connect via itsme
2. The user enters his/her phone number recognized by itsme
3. The user connects to the itsme application and confirms the operation
4. The user sends his/her credentials
5. The application sends an access request to the SP
6. The SP sends a request message to the AS to access the IDP
7. The AS sends a message to the IDP to identify the non-authenticated user
8. The IDP checks the identity of the user with the AA
9. The IDP sends a response message to the AS to inform it that the user is identified
10. The AS sends a message with the identity of the user to the SP
11. The SP returns a response message to the application to enable the authentication
12. The user is authenticated and can use the services of the mobile application

Exceptions (exception flows)

  • The user makes an error when editing his/her credentials (e.g. the phone number of the user is not recognized by itsme)
  • The creation is aborted (e.g. loss of connection, the session is expired)

Frequency

  • Every time the user needs to authenticate to the mobile application

Exception flow 1

Specification

Use case ID

UC-001-ITSME-EF-01

Use case name

The user makes an error when editing his/her credentials 

Actors

  • Citizen

  • Representative of an institution
  • Healthcare giver

Short Description

This use case represents the situation where the user tries to connect with itsme and makes an error when entering his/her credentials (e.g. the phone number of the user is not recognized by itsme). This exception flow may be triggered by the basic flow and any alternative one.

Priority

1 (High)

Must have: The system must implement this goal/assumption to be accepted.

Pre-Conditions

  • The user has an account 

  • The user has:

    • a phone number

    • an account in itsme

    • a smartphone with the itsme application

    • a five-digit secure code to confirm the operation on itsme

Post-Conditions

  • The creation of the account fails
  • An error message should be displayed

Steps

0. The user accesses the WebSSO application interface to authenticate him/herself
1. The user tries to connect to the application via itsme
2. The user makes an error when entering his/her credentials

Frequency

  • Every time a user needs to authenticate him/herself and makes an error when entering his/her credentials

Exception flow 2

Specification

Use case ID

UC-001-ITSME-EF-02

Use case name

The creation is aborted (e.g. loss of connection, problem with the wireless card reader, the session is expired)

Actors

  • Citizen

  • Representative of an institution
  • Healthcare giver

Short Description

This exception use case covers the situation where the user loses the connection and is unable to finish the authentication. It may happen at any step of the basic and alternative flows.

Priority

1 (High)

Must have: The system must implement this goal/assumption to be accepted.

Pre-Conditions

  • The user already has an account

  • The user has:

    • an eID card

    • the PIN code of his/her eID card

    • a wireless card reader

Post-Conditions

  • The authentication is interrupted

  • An error message should be displayed

Steps (basic flow)



Frequency

  • Every time a user needs to authenticate him/herself and loses the connection

Alternative flow 1 (TOTP):


Flow | Specification









Use case ID

UC-001-TOTP

Use case name

Authentication via TOTP

Actors

  • Citizen

  • Healthcare giver
  • Representative of an institution

Short Description

This use case denotes the authentication of a user via TOTP.

Priority

1 (High)

Must have: The system must implement this goal/assumption to be accepted.

Pre-Conditions

  • The user already has an account

  • The user has:

    • a username and a password

    • a smartphone with a TOTP-based mobile application to get a security code

Post-Conditions

  • The user is authenticated

  • The user has access to the services of the mobile application

Steps (basic flow)

0. The user accesses the WebSSO application interface to authenticate him/herself and chooses to connect via a security code via mobile app (TOTP)
1. The user enters his/her username and his/her password
2. The user connects to the TOTP-based mobile application
3. The user chooses the digital key of CSAM and enters it in the authentication interface
4. The user sends his/her credentials
5. The SP sends a request message to the authorization server (AS) to access the Identity Provider (IDP)
6. The AS sends a message to the IDP to identify the non-authenticated user
7. The IDP checks the identity of the user with the AA
8. The IDP sends a response message to the AS to inform it that the user is identified
9. The AS sends a message with the identity of the user to the SP
10. The SP returns a response message to the application to enable the authentication
11. The user is authenticated

Exceptions (exception flows)

  • The username or the password is not recognized

  • The creation is aborted (e.g. loss of connection, the session is expired)

Frequency

  • Every time the user needs to authenticate to the mobile application via TOTP


Exception flow 1

Specification

Use case ID

UC-001-TOTP-EF-01

Use case name

The username or the password is not recognized

Actors

  • Citizen

  • Representative of an institution
  • Healthcare giver

Short Description

This use case covers the situation where the user tries to authenticate via TOTP and fails to enter his/her correct credentials (username/password).

Priority

1 (High)

Must have: The system must implement this goal/assumption to be accepted.

Pre-Conditions

  • The user already has an account

  • The user has:

    • a username and a password
    • a smartphone with a TOTP-based mobile application to get a security code

Post-Conditions

  • The authentication is interrupted
  • An error message should be displayed

Steps (basic flow)

0. The user accesses the WebSSO application interface to authenticate him/herself and chooses to connect via a security code via mobile app (TOTP)
1. The user enters his/her username and his/her password
2. The authentication is interrupted because the credentials are not recognized

Frequency

  • Every time a user needs to authenticate him/herself and enters wrong credentials

Exception flow 2

Specification

Use case ID

UC-001-TOTP-EF-02

Use case name

The creation is aborted (e.g. loss of connection, the session is expired)

Actors

  • Citizen

  • Representative of an institution
  • Healthcare giver

Short Description

This exception use case covers the situation where the user loses the connection and is unable to finish the authentication. It may happen at any step of the basic and alternative flows.

Priority

1 (High)

Must have: The system must implement this goal/assumption to be accepted.

Pre-Conditions

  • The user already has an account

  • The user has:

    • a username and a password
    • a smartphone with a TOTP-based mobile application to get a security code

Post-Conditions

  • The authentication is interrupted

  • An error message should be displayed

Steps (basic flow)



Frequency

  • Every time a user needs to authenticate him/herself and loses the connection
