iSHARE Trust Framework
Other resources
Version 2.1 (current version)
Version 2.1 (current version)
  • iSHARE Trust Framework
  • Introduction
    • Goals and scope of the iSHARE Trust Framework
    • Guiding principles
    • Governance
  • Releases
    • Release notes
    • Release planning
    • Version history
  • Main aspects of the iSHARE Trust Framework
    • Key functionality
      • Support Machine to Machine (M2M) interaction
      • Support Human to Machine (H2M) interaction
      • Facilitate portable identity(s) for parties and humans
      • Facilitate flexible authorizations, applicable in any context
      • Enable data exchange based on delegations - even between unknown parties
      • Enable control over own data through management of consent
      • Provide a Trust Framework
    • Technical overview
    • Framework and roles
    • Legal provisions
    • Operational provisions
  • Use cases
    • Use case: M2M interaction (with fine-grained authorization)
    • Use case: H2M interaction (with coarse-grained authorization)
    • Use case: portable identity
    • Use case: delegation (and management of consent)
  • Detailed descriptions
    • Functional
      • Primary use cases
        • 1. M2M service provision
          • 1b. M2M service provision with the EP as the delegation info PIP
          • 1c. M2M service provision with the AR as the delegation info PIP
          • M2M service provision including an app
        • 2. H2M service provision with identity info at the IP
          • Without Identity Broker
          • With Identity Broker
      • Secondary use cases
      • Licenses
      • Delegation paths
      • Functional requirements per role
        • Party identification
        • User interface requirements
    • Technical
      • Technical standards
      • Structure of delegation evidence
        • Example cases
    • Operational
      • Operational processes
        • Admission
        • Withdrawal or Downgrade
        • Warnings, Suspension and Exclusion
        • Incident Management
        • Change Management
        • Management reporting
      • Service levels
        • Service levels for Adhering Parties
        • Service levels for Certified Parties
      • Communication
    • Legal
      • Legal context
        • Dutch Civil Code
        • Regulation on Electronic Identification and Trust Services (eIDAS)
        • Applicable competition law
        • General Data Protection Regulation (GDPR)
  • Glossary and legal notices
    • Glossary
    • Legal notices
    • Assumptions
Powered by GitBook
LogoLogo

  • Cookie Policy

  • Privacy Policy

  • Imprint

  • Contact Us

Copyright © 2024 iSHARE Foundation

On this page
  • Roles
  • Depiction
  • Description
  • Sequence diagram
  1. Detailed descriptions
  2. Functional
  3. Primary use cases
  4. 1. M2M service provision

1b. M2M service provision with the EP as the delegation info PIP

Previous1. M2M service provisionNext1c. M2M service provision with the AR as the delegation info PIP

Last updated 10 months ago

In use case 1b, a service is provided by the Service Provider to the Machine Service Consumer. The Service Consumer has been delegated by the Entitled Party.

Roles

Delegation info PIP

No delegation

Service Provider

Entitled Party

Authorization Reg

Use case variation

1a

1b

Note that interaction sequences are not described in the table above. In derived use case 1b, three interaction sequences are possible depending on who requests delegation info from the PIP:

  1. The Service Provider can request delegation info after a service request from the Service Consumer;

  2. The Machine Service Consumer can request delegation info and include it in its service request to the Service Provider;

  3. The Entitled Party can push delegation info to the Machine Service Consumer, so it can include it in its service request to the Service Provider.

Interaction sequence 3 is detailed below.

Depiction

Legal relations

Note that no prior legal relation exists between the Service Consumer and the Service Provider. Which services can be consumed by the Service Consumer, as delegated by the Entitled Party, is set out in the mandatory relation between this Entitled Party and the Service Provider.

Prerequisite registration

Use case interaction

Description

It is prerequisite of this use case that:

  • The Service Provider has and manages its own entitlement information indicating what Entitled Parties are entitled to what (parts of) services*;

  • The Service Consumer is able to authenticate the Service Provider;

  • The Service Provider is able to authenticate the Service Consumer;

  • The delegation/authorization responsible at the Entitled Party delegates (part of) the Entitled Party's rights (as registered at the Service Provider) to the Service Consumer. He provides the Machine Service Consumer of the Service Consumer with evidence of this delegation.

*The Service Provider can outsource this function to a third party

The use case consists of the following steps:

  1. The Machine Service Consumer requests a service from the Service Provider. With this requests it includes the evidence obtained from the Entitled Party;

  2. The Service Provider authenticates the Machine Service Consumer and validates the iSHARE adherence of the Service Consumer;

  3. The Service Provider validates the received delegation evidence through the following steps:

    1. The Service Provider authenticates the Entitled Party and validates its iSHARE adherence based on the delegation evidence;

    2. The Service Provider authorizes the Entitled Party based on the entitlement information registered with the Service Provider.

  4. The Service Provider authorizes the Machine Service Consumer of the Service Consumer based on the validity of the delegation evidence;

  5. The Service Provider executes the requested service;

  6. The Service Provider provides the service result to the Machine Service Consumer.

Sequence diagram

1
1c