Page History

Table of Contents

Used documentation

Cookbook/ materials

Version

Location

Identity & Authorization Management (I.AM) - Overview

1.0

https://www.ehealth.fgov.be/ehealthplatform/file/view/c87f7d093e56ff1054c73d6aae09e0bb?filename=ehealth_i.am_-_overv

Identity & Authorization Management (I.AM) - Identity Provider (IDP)

1.0

https://www.ehealth.fgov.be/ehealthplatform/fr/data/file/view/d43784683d86392e68f1a95b860f721170f30c7b?name=ehealth_i.am_-_idp_v1.0.pdf

CSAM Youtube channel

-

https://www.youtube.com/channel/UCzMGudd9xdMeGjYpbpjsXFw

itsme video

-

Widget Connector

url	https://www.youtube.com/watch?v=yadk2bw0l0I

General information

...

In the figure below, we provide an overview about the interaction between the different services of the e-health platform involved in the IAM. It is noteworthy that the presented architecture is dedicated to the WebSSO solution.
Image RemovedImage Added

Basic flow

Flow	Specification

Image Removed

Image Added	Use case ID	ATH-UC-06-BF
	Use case name	Authentication using

an eID card

itsme
Actors	Citizen Healthcare giver Representative of an institution
Short Description	This use case denotes the authentication of a user via

an eID card

itsme.

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

The user has

already

an account

The user

The user has:

an eID card

a PIN code of his/her eID card

a wireless card reader

a phone number an account in itsme a smartphone with the application itsme a five secure code to confirm the operation on itsme
Post-Conditions	The user is authenticated The user has access to the services of the mobile application
Steps (basic flow)	0	The user

access

accesses to the WebSSO application interface to authenticate him/herself

and choose the option eID

1

The user connects using his/her credentials (eID card + PIN) and the wireless card reader


	1	The user chooses to connect via itsme
	2	The user enters his/her phone number recognized by itsme
	3	The user connects to the itsme application and confirms the operation
	4	The user sends his/her credentials
	5

2

The application sends an access request to the SP

3

6

The SP sends

an authentication request

a request message to the AS to access to the IDP
	7	The AS sends a message to the IDP

4

to identify the non authenticated user
	8	The IDP checks the identity of the user with the AA

5

9

The IDP sends a response message to the

SP

AS to inform it that the user is identified

6

	10	The AS sends a message with the identity of the user to the SP
	11	The SP returns a response message to the application to enable the authentication

7

	12	The user is authenticated and can use the the services of the mobile application
Exceptions (exception flows)	The

PIN of the eID card is not correct

user makes an error when editing his/her credentials (e.g. The phone number of the user is not recognized by itsme)
The creation is aborted (e.g. loss of connection

, problem with the wireless card reader

, the session is expired)
Frequency	Every time the user needs to authenticate to the mobile application

Alternative flow 1

Specification
Use case ID	ATH-UC-06-AF-01
Use case name	First authentication

using an eID card

using itsme
Actors	Citizen Healthcare giver Representative of an institution
Short Description	Depending on the profile of the actor, this alternative flow will be instantiated by one of the four use cases dedicated to the creation of a new account (refer to the basic flows): ATH-UC-01, ATH-UC-02, ATH-UC-03, ATH-UC-04. To implement this flow, the user should authenticate him/herself in the mobile application using itsme.
Priority	1 (High) Must have: The system must implement this goal/ assumption to be accepted.
Pre-Conditions	The user has not an account The user has:

an e-mail address

- a phone number
- an

eID card

a code PIN of his/her eID card

a wireless card reader

account in itsme a smartphone with the application itsme a five secure code to confirm the operation on itsme
Post-Conditions	The user has an account The user knows his credentials The user is authenticated The user has access to the services of the mobile application
Steps	For more details and depending on the type of the actor, see: The citizen - ATH-UC-01 The mandated citizen - ATH-UC-02 The healthcare giver - ATH-UC-03 The institution representative - ATH-UC-04
Exceptions (exception flows)	The

citizen made

user makes an error when editing his/her credentials

The PIN

(e.g. The phone number of the

eID card

user is not

correct

recognized by itsme) The creation is aborted (e.g. loss of connection, the session is expired)
Frequency	Every time the user wants to authenticate him/herself and he/she does not have an account.

Exception flow 1

Specification
Use case ID	ATH-UC-06-EF-01
Use case name	The

PIN of the eID card is not correct

user makes an error when editing his/her credentials
Actors	Citizen Representative of an institution Healthcare giver
Short Description

It denotes the

This use case represents the situation when

the

the user

tries

is trying to

authenticate with his/her eID card and fails in entering the PIN

connect with the itsme and he/she make an error when entering his/her credentials (e.g. The phone number of the user is not recognized by itsme). This exception flow may be triggered by the basic flow and any alternative one.

Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

The user has

already

an

account

account

The user

The user has:
- a phone number
- an

eID card

a PIN code of his/her eID card

a wireless card reader

account in itsme a smartphone with the application itsme a five secure code to confirm the operation on itsme
Post-Conditions	The

authentication is interrupted

creation of the account falls An error message should be displayed
Steps

Steps (basic flow)

0

The user

access

accesses to the WebSSO application interface to authenticate him/herself

and choose the option eID


	1

The user

The user tries to connect

using a wrong PIN code

to the application via itsme
	2	The

authentication is interrupted

user makes an error when entering his/her credentials
Frequency	Every time for a user needs to

authenticate him

authenticate him/herself and

enter a wrong PIN code

makes an error when entering his/her credentials

Exception flow 2

Specification
Use case ID	ATH-UC-06-EF-02
Use case name	The creation is aborted (e.g. loss of connection, problem with the wireless card reader, the session is expired)
Actors	Citizen Representative of an institution Healthcare giver
Short Description	It denotes the exception use case when the user loses the connection and he/she will not be able to finish the authentication. It may happens at any step of the basic and alternative flows.
Priority	1 (High) Must have: The system must implement this goal/ assumption to be accepted.
Pre-Conditions	The user has already an account The user has: an eID card a PIN code of his/her eID card a wireless card reader
Post-Conditions	The authentication is interrupted An error message should be displayed
Steps (basic flow)
Frequency	Every time for a user needs to authenticate him/herself and loses the connection

Page tree

Versions Compared

Old Version 3

New Version Current

Key

Used documentation

General information

In the figure below, we provide an overview about the interaction between the different services of the e-health platform involved in the IAM. It is noteworthy that the presented architecture is dedicated to the WebSSO solution.
Image RemovedImage Added

Basic flow

Alternative flow 1

Exception flow 1

Exception flow 2

Page tree

Page History

Versions Compared

Old Version 3

New Version Current

Key

Used documentation

General information

In the figure below, we provide an overview about the interaction between the different services of the e-health platform involved in the IAM. It is noteworthy that the presented architecture is dedicated to the WebSSO solution. Image RemovedImage Added

Basic flow

Alternative flow 1

Exception flow 1

Exception flow 2

In the figure below, we provide an overview about the interaction between the different services of the e-health platform involved in the IAM. It is noteworthy that the presented architecture is dedicated to the WebSSO solution.
Image RemovedImage Added