...
Basic flow
Flow | Specification | ||||||||
---|---|---|---|---|---|---|---|---|---|
Use case ID | ATH-UC-05-BF | ||||||||
Use case name | Authentication using an eID card | ||||||||
Actors |
| ||||||||
Short Description | This use case denotes the authentication of a user via an eID card. To do so, the user authenticates himself/herself via the mobile application interface. The IDP detects his/her identity and To connect his/her eID card, the citizen should have a wireless card reader. | ||||||||
Priority | 1 (High) Must have: The system must implement this goal/ assumption to be accepted. | ||||||||
Pre-Conditions |
| ||||||||
Post-Conditions |
| ||||||||
Steps (basic flow) | 0 | The citizen user access to the WebSSO application interface to authenticate him/herself and choose the option eID (i.e. WebSSO) to create an account (first authentication) | |||||||
1 | The citizen connects for the first time to the applicationuser connects using his/her credentials (eID card + PIN) and the wireless card reader | ||||||||
2 | The application sends a an access request message to the Service Provider ( SP ) | ||||||||
3 | The SP sends a request message (i.e. ask authentication get SSO token) to an authentication request to the IDP | ||||||||
4 | The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA | 5 | The IDP contacts the CSAM to ask it to create the certificate to the citizen (first authentication) | user with the AA | |||||
5 | 6 | The CSAM opens a new web browser page to invite the citizen to enter his/her credentials using the eID card | 7 | The citizen sends his/her credentials | 8 | The CSAM returns the credentials/certificate to the IDP | 9 | The IDP sends a response message to the SP to inform it that the citizen user is now authenticated and identified | |
106 | The SP returns a response message to the application to enable a first connectionthe authentication | ||||||||
7 | The user is authenticated and can use the the services of the mobile application | ||||||||
Exceptions (exception flows) | The citizen made an error when editing his/her credentials
| ||||||||
Frequency |
|
Alternative flow 1
Flow | Specification |
---|
Use case ID | ATH-UC- |
05-AF-01 | |
Use case name |
Create a new account for a citizen using a security code via a mobile application
Actors
Citizen
Short Description
Create an account for the citizen. To do so, the citizen tries to authenticate himself/herself via the mobile application interface. The IDP detects that it consists on a first authentication and redirects the user to the CSAM portal. Hence, the citizen creates a new account by using a third party application called Mydigipass to have a security code.
Priority
1 (High)
Must have: The system must implement this goal/ assumption to be accepted.
Pre-Conditions
The citizen has not an account
The citizen has:
an email address
an account in the web application Mygipass (via an e-mail address)
a smartphone with the application Mygipass
Post-Conditions
The citizen has an account
The citizen knows his credentials (the username, the password)
Steps
0
The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)
1
The citizen connects for the first time to the application
2
The application sends a request message to the SP
3
The SP sends a request message (i.e. ask authentication get SSO token) to the IDP
4
The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA
5
The IDP contact CSAM to ask it to create the certificate to the citizen (first authentication)
6
The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and security code)
8
The citizen sends his/her credentials
9
The CSAM sends the credentials/certificate to the IDP
10
The IDP sends a response message to the SP to inform it that the citizen is now authenticated and identified
11
The SP returns a response message to the application to enable a first connection
Exceptions (exception flows)
The citizen made an error when editing his/her credentials
The creation is aborted (e.g. loss of connection)
- The security code has expired
Frequency
Every time for a new citizen needs to create a new account via the mobile application Mydigipaas
Alternative flow 2
First authentication using an eID card (ATH-UC-(01,02,03,04)-BF) | ||
Actors | ||
Short Description |
Use case ID
ATH-UC-01-AF-02
Use case name
Create a new account for a citizen using itsme
Actors
Citizen
Short Description
Priority | 1 (High) Must have: The system must implement this goal/ assumption to be accepted. | |
Pre-Conditions |
The citizen has:
a phone number
an account in itsme
a smartphone with the application itsme
a five secure code to confirm the operation on itsme
Post-Conditions |
The citizen knows his credentials (the username, the password)
Steps | 0 |
1 |
The citizen connects for the first time to the application
2 |
3 |
4 |
5 |
The IDP contact CSAM to ask it to create the certificate to the citizen (first authentication)
6 |
7 |
8 |
9 |
10 |
The citizen sends his/her credentials
The CSAM sends the credentials/certificate to the IDP
12
The IDP sends a response message to the SP to inform it that the citizen is now authenticated and identified
13
The SP returns a response message to the application to enable a first connection
Exceptions (exception flows) |
The citizen made an error when editing his/her credentials (e.g. phone number)
The creation is aborted (e.g. loss of connection)
Frequency |
Every time for a new citizen needs to create a new account via itsme
Exception flow 1
Specification | ||
---|---|---|
Use case ID | ATH-UC-01-EF-01 | |
Use case name | The citizen made an error when editing his/her credentialsPIN of the eID card is not correct | |
Actors |
| |
Short Description | This It denotes the use case represents the situation when the citizen is trying to create a new account in the CSAM portal and he/she make an error when entering his/her credentials (e.g. an error un the e-mail address, an error in the password, etc.). This exception flow may be triggered by the basic flow and any alternative one.tries to authenticate with his/her eID card and fails in entering the PIN. | |
Priority | 1 (High) Must have: The system must implement this goal/ assumption to be accepted. | |
Pre-Conditions |
| |
Post-Conditions |
| |
Steps (basic flow) | 0 | The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication) |
1 | The citizen connects for the first time to the application | |
2 | The application sends a request message to the Service Provider (SP) | |
3 | The SP sends a request message (i.e. ask authentication get SSO token) to the IDP | |
4 | The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA | |
5 | The IDP contact contacts the CSAM to ask it to create the certificate to the citizen (first authentication) | |
6 | The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code)using the eID card | |
7 | The citizen makes an error when entering tries to send his/her credentials to the CSAMwith a wrong PIN. | |
8 | The authentication is interrupted | |
Frequency |
|
Exception flow 2
Specification | ||
---|---|---|
Use case ID | ATH-UC-0105-EF-02 | |
Use case name | The creation is aborted (e.g. loss of connection, problem with the wireless card reader, the session is expired) | |
Actors |
| |
Short Description | It denotes the exception use case when the citizen loses the connection and he/she will not be able to finish the authentication. It may happens at any step of the basic and alternative flows. | |
Priority | 1 (High) Must have: The system must implement this goal/ assumption to be accepted. | |
Pre-Conditions |
| |
Post-Conditions |
| |
Steps (basic flow) | ||
Frequency |
|
Exception flow 3
...
Use case ID
...
ATH-UC-01-EF-03
...
Use case name
...
The secure code has expired
...
Actors
...
Citizen
...
Short Description
...
It is an exception that the citizen may encounter when he/she tries to connect to CSAM portal via the mobil application Mydigipass. Indeed, this application creates a secure code that is available only for 30 seconds and the citizen should finish the connection before the expiration of the code.
...
Priority
...
1 (High)
Must have: The system must implement this goal/ assumption to be accepted.
...
Pre-Conditions
...
The citizen has not an account
The citizen has:
an e-mail address
an account in the web application Mygipass
...
Post-Conditions
...
The authentication is interrupted
...
Steps (basic flow)
...
0
...
The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)
...
1
...
The citizen connects for the first time to the application
...
2
...
The application sends a request message to the SP
...
3
...
The SP sends a request message (i.e. ask authentication get SSO token) to the IDP
...
4
...
The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA
...
5
...
The IDP contact CSAM to ask it to create the certificate to the citizen (first authentication)
...
6
...
The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code)
...
7
...
The citizen connects to the Mydigipass application using his/her e-mail address to get the secure code
...
8
...
The secure code expired
...
Frequency
...
Every time for a new citizen needs to create a new account using the mobile application Mydigipass and the secure code exipres
Exception flow 4
Specification | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Use case ID | ATH-UC-01-EF-04 | ||||||||||||||||
Use case name | The PIN of the eID card is not correct | ||||||||||||||||
Actors |
| ||||||||||||||||
Short Description | It denotes the use cas when the citizen tries to connect to the CSAM with his/her eID card and fails in entering the PIN. | ||||||||||||||||
Priority | 1 (High) Must have: The system must implement this goal/ assumption to be accepted. | ||||||||||||||||
Pre-Conditions |
| ||||||||||||||||
Post-Conditions |
| ||||||||||||||||
Steps (basic flow) | 0 | The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication) | |||||||||||||||
1 | The citizen connects for the first time to the application | 2 | The application sends a request message to the Service Provider (SP)3 | The SP sends a request message (i.e. ask authentication get SSO token) to the IDP | 4 | The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA | 5 | The IDP contacts the CSAM to ask it to create the certificate to the citizen (first authentication) | 6 | The CSAM opens a new web browser page to invite the citizen to enter his/her credentials using the eID card | 7 | The citizen tries to send his/her credentials with a wrong PIN. | 8 | The authentication is interrupted | Frequency |
|