...
Flow | Specification | ||
---|---|---|---|
Use case ID | ATH-UC-2325-BF | ||
Use case name | Revoke a mandate from an HCP and check the access right to the data | ||
Actors |
| ||
Short Description | To check the access right of the HCP when trying to use a mandate, we propose to revoke a mandate from an HCP. The HCP then logs in and is expected not to find the revoked mandate. We try to log in | ||
Priority | 1 (High) Must have: The system must implement this goal/assumption to be accepted. | ||
Pre-Conditions |
| ||
Post-Conditions |
| ||
Steps (basic flow) | 1 | The user connects via the mobile application | |
2 | The mobile application sends an OpenID Connect authorization request to IAM Connect | ||
3 | IAM Connect redirects the message to the eHealth IDP in a browser | ||
4 | The IDP detects that there is no open session with the NISS and the name of the user | ||
5 | The IDP redirects the request to the CSAM in order to open a session | ||
6 | The user selects the authentication method (i.e. itsme, eID, TOTP) | ||
7 | The user is authenticated and CSAM returns a SAML assertion to the IDP regarding the user | ||
8 | The user selects a profile. | ||
9 | The user searches for the revoked mandate and does not find it. | ||
Exceptions (exception flows) | |||
Frequency |
|
...