Versions Compared

Old Version 5

changes.mady.by.user Rami Sellami

Saved on

compared with

New Version 6

changes.mady.by.user Rami Sellami

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Basic flow

Image RemovedThe citizen made an error when editing his/her credentials
FlowSpecification



Image Added

Use case ID

ATH-UC-05-BF

Use case name

Authentication using an eID card

Actors

  • Citizen

  • Healthcare giver
  • Representative of an institution

Short Description

This use case denotes the authentication of a user via an eID card. To do so, the user authenticates himself/herself via the mobile application interface. The IDP detects his/her identity and

To connect his/her eID card, the citizen should have a wireless card reader.


Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

  • The citizen user has not already an account

  • The citizen user has:

    • an e-mail address

    • an eID card

    • a PIN code PIN of his/her eID card

    • a wireless card reader

Post-Conditions

  • The citizen has an accountThe citizen knows his credentialsuser is authenticated

  • The user has access to the services of the mobile application

Steps (basic flow)

0

The citizen user access to the WebSSO application interface to authenticate him/herself and choose the option eID

(i.e. WebSSO) to create an account (first authentication)


1

The citizen connects for the first time to the applicationuser connects using his/her credentials (eID card + PIN) and the wireless card reader


2

The application sends a an access request message to the Service Provider ( SP

)


3

The SP sends a request message (i.e. ask authentication get SSO token)  to an authentication request to the IDP


4

The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA

5

The IDP contacts the CSAM to ask it to create the certificate to the citizen (first authentication)

user with the AA 


5

6

The CSAM opens a new web browser page to invite the citizen to enter his/her credentials using the eID card

7

The citizen sends his/her credentials

8

The CSAM returns the credentials/certificate to the IDP

9

The IDP sends a response message to the SP to inform it that the citizen user is now authenticated and identified


106

The SP returns a response message to the application to enable a first connectionthe authentication


7

The user is authenticated and can use the the services of the mobile application

Exceptions (exception flows)

  • The PIN of the eID card is not correct

  • The creation is aborted (e.g. loss of connection, problem with the wireless card reader, the session is expired)

Frequency

  • Every time

for a new citizen needs to create a new account

  • the user needs to authenticate to the mobile application


Alternative flow 1

FlowSpecification
Image Removed











Use case ID

ATH-UC-

01

05-AF-01

Use case name

Create a new account for a citizen using a security code via a mobile application

Actors

  • Citizen

Short Description

Create an account for the citizen. To do so, the citizen tries to authenticate himself/herself via the mobile application interface. The IDP detects that it consists on a first authentication and redirects the user to the CSAM portal. Hence, the citizen creates a new account by using a third party application called Mydigipass to have a security code.

Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

  • The citizen has not an account

  • The citizen has:

    • an email address

    • an account in the web application Mygipass (via an e-mail address)

    • a smartphone with the application Mygipass

Post-Conditions

  • The citizen has an account

  • The citizen knows his credentials (the username, the password)

Steps

0

The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)

1

The citizen connects for the first time to the application

2

The application sends a request message to the SP

3

The SP sends a request message (i.e. ask authentication get SSO token) to the IDP

4

The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA

5

The IDP contact CSAM to ask it to create the certificate to the citizen (first authentication)

6

The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and security code)

7The citizen connects to the Mydigipass application using his/her e-mail address to get the security code

8

The citizen sends his/her credentials

9

The CSAM sends the credentials/certificate to the IDP

10

The IDP sends a response message to the SP to inform it that the citizen is now authenticated and identified

11

The SP returns a response message to the application to enable a first connection

Exceptions (exception flows)

  • The citizen made an error when editing his/her credentials

  • The creation is aborted (e.g. loss of connection)

  • The security code has expired

Frequency

  • Every time for a new citizen needs to create a new account via the mobile application Mydigipaas

Alternative flow 2

First authentication using an eID card (ATH-UC-(01,02,03,04)-BF)


Actors


Short Description

FlowSpecificationImage Removed

Use case ID

ATH-UC-01-AF-02

Use case name

Create a new account for a citizen using itsme

Actors

  • Citizen

Short Description

Create an account for the citizen. To do so, the citizen tries to authenticate himself/herself via the mobile application interface. The IDP detects that it consists on a first authentication and redirects the user to the CSAM portal. Hence, the citizen creates a new account by using his/her account on itsme.


Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

The citizen has not an account

  • The citizen has:

    • a phone number

    • an account in itsme

    • a smartphone with the application itsme

    • a five secure code to confirm the operation on itsme


    Post-Conditions

    The citizen has an account

  • The citizen knows his credentials (the username, the password)


    Steps

    0

    The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)



    1

    The citizen connects for the first time to the application



    2

    The application sends a request message to the SP



    3

    The SP sends a request message (i.e. ask authentication get SSO token) to the IDP



    4

    The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA



    5

    The IDP contact CSAM to ask it to create the certificate to the citizen (first authentication)



    6

    The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code)



    		7
    The citizen choose the authentication option itsme


    8

    The citizen enter his/her phone number recognized by itsme



    9

    The citizen connects to the itsme application and confirm the operation



    10

    The citizen sends his/her credentials

    11

    The CSAM sends the credentials/certificate to the IDP

    12

    The IDP sends a response message to the SP to inform it that the citizen is now authenticated and identified

    13

    The SP returns a response message to the application to enable a first connection


    Exceptions (exception flows)

    • The citizen made an error when editing his/her credentials (e.g. phone number)

    • The creation is aborted (e.g. loss of connection)


    Frequency

    • Every time for a new citizen needs to create a new account via itsme



    Exception flow 1


    Specification

    Use case ID

    ATH-UC-01-EF-01

    Use case name

    The citizen made an error when editing his/her credentialsPIN of the eID card is not correct

    Actors

    • Citizen

    • Representative of an institution

    • Healthcare giver

    Short Description

    This It denotes the use case represents the situation when the citizen is trying to create a new account in the CSAM portal and he/she make an error when entering his/her credentials (e.g. an error un the e-mail address, an error in the password, etc.). This exception flow may be triggered by the basic flow and any alternative one.tries to authenticate with his/her eID card and fails in entering the PIN.

    Priority

    1 (High)

    Must have: The system must implement this goal/ assumption to be accepted.

    Pre-Conditions

    • The citizen user has not already an account

    • The citizen user has:

      • an
      • e-mail addressan
      • eID card

      • a PIN code

      • PIN

      • of his/her eID card

      • an account in the web application Mygipass

      • a wireless card reader

    Post-Conditions

    • The creation of the account fallsauthentication is interrupted

    Steps (basic flow)

    0

    The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)


    1

    The citizen connects for the first time to the application


    2

    		The application sends a request message to the Service Provider (SP)



    3

    The SP sends a request message (i.e. ask authentication get SSO token) to the IDP


    4

    The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA


    5

    The IDP contact contacts the CSAM to ask it to create the certificate to the citizen (first authentication)


    6

    The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code)using the eID card


    7

    The citizen makes an error when entering tries to send his/her credentials to the CSAMwith a wrong PIN.


    8

    The authentication is interrupted

    Frequency

    • Every time for a new citizen needs to create a new account and enter a wrong PIN

    Exception flow 2

    Specification

    Use case ID

    ATH-UC-0105-EF-02

    Use case name

    The creation is aborted (e.g. loss of connection, problem with the wireless card reader, the session is expired)

    Actors

    • Citizen

    Short Description

    It denotes the exception use case when the citizen loses the connection and he/she will not be able to finish the authentication. It may happens at any step of the basic and alternative flows.

    Priority

    1 (High)

    Must have: The system must implement this goal/ assumption to be accepted.

    Pre-Conditions

    • The citizen has not an account

    • The citizen has:

      • an e-mail address

      • an eID card

      • a code PIN of his/her eID card

      • an account in the web application Mygipass

      • a wireless card reader

    Post-Conditions

    • The authentication is interrupted

    Steps (basic flow)



    Frequency

    • Every time for a new citizen needs to create a new account and loses the connection

    Exception flow 3

    ...

    Use case ID

    ...

    ATH-UC-01-EF-03

    ...

    Use case name

    ...

    The secure code has expired

    ...

    Actors

    ...

    • Citizen

    ...

    Short Description

    ...

    It is an exception that the citizen may encounter when he/she tries to connect to CSAM portal via the mobil application Mydigipass. Indeed, this application creates a secure code that is available only for 30 seconds and the citizen should finish the connection before the expiration of the code.

    ...

    Priority

    ...

    1 (High)

    Must have: The system must implement this goal/ assumption to be accepted.

    ...

    Pre-Conditions

    ...

    • The citizen has not an account

    • The citizen has:

      • an e-mail address

      • an account in the web application Mygipass

    ...

    Post-Conditions

    ...

    • The authentication is interrupted

    ...

    Steps (basic flow)

    ...

    0

    ...

    The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)

    ...

    1

    ...

    The citizen connects for the first time to the application

    ...

    2

    ...

    The application sends a request message to the SP

    ...

    3

    ...

    The SP sends a request message (i.e. ask authentication get SSO token) to the IDP

    ...

    4

    ...

    The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA

    ...

    5

    ...

    The IDP contact CSAM to ask it to create the certificate to the citizen (first authentication)

    ...

    6

    ...

    The CSAM opens a new web browser page to invite the citizen to enter his/her credentials (username, password and secure code)

    ...

    7

    ...

    The citizen connects to the Mydigipass application using his/her e-mail address to get the secure code

    ...

    8

    ...

    The secure code expired

    ...

    Frequency

    ...

    • Every time for a new citizen needs to create a new account using the mobile application Mydigipass and the secure code exipres

    Exception flow 4

    The application sends a request message to the Service Provider (SP)
    Specification

    Use case ID

    ATH-UC-01-EF-04

    Use case name

    The PIN of the eID card is not correct

    Actors

    • Citizen

    Short Description

    It denotes the use cas when the citizen tries to connect to the CSAM with his/her eID card and fails in entering the PIN.

    Priority

    1 (High)

    Must have: The system must implement this goal/ assumption to be accepted.

    Pre-Conditions

    • The citizen has not an account

    • The citizen has:

      • an e-mail address

      • an eID card

      • a code PIN of his/her eID card

      • a wireless card reader

    Post-Conditions

    • The authentication is interrupted

    Steps (basic flow)

    0

    The citizen access to the application interface (i.e. WebSSO) to create an account (first authentication)

    1

    The citizen connects for the first time to the application

    2

    3

    The SP sends a request message (i.e. ask authentication get SSO token) to the IDP

    4

    The IDP checks the identity of the citizen and it does not find it in the authentic data source via the AA

    5

    The IDP contacts the CSAM to ask it to create the certificate to the citizen (first authentication)

    6

    The CSAM opens a new web browser page to invite the citizen to enter his/her credentials using the eID card

    7

    The citizen tries to send his/her credentials with a wrong PIN.

    8

    The authentication is interrupted

    Frequency

    • Every time for a new citizen needs to create a new account and enter a wrong PIN