iSHARE Trust Framework
Version 2.1 (current version)

Without Identity Broker

This use case would look as follows without an Identity Broker:


Copyright © 2024 iSHARE Foundation

[Diagram panels not reproduced here: Legal view, Prerequisite registration, Interaction]

Description without Identity Broker

It is a prerequisite of this use case that:

  • The Service Provider has and manages its own authorization information indicating what Entitled Parties are entitled to what (parts of) services*;

  • The Service Consumer has and manages its own authorization information indicating which Human Service Consumers are authorized to act on its behalf**;

  • The delegation/authorization responsible at the Service Consumer registers the authorization information at the Authorization Registry;

  • The Service Provider is able to authenticate the Human Service Consumer;

  • The Identity Provider is able to authenticate the Service Provider;

  • The Service Provider is able to authenticate the Identity Provider;

  • The Human Service Consumer has been issued identity credentials by the Identity Provider.

  • In this use case, the Entitled Party is also the Service Consumer.

*The Service Provider can outsource this function to a third party.

**The Service Consumer can outsource this function to a third party.

The use case consists of the following steps:

(The numbering is intended to explain the use case flow; it may differ from the diagram because several authorization methods are possible.)

  1. The Human Service Consumer requests a service from the Service Provider.

  2. The Service Provider asks the Human Service Consumer for their Identity Provider information.

  3. The Human Service Consumer provides Identity Provider information to the Service Provider.

  4. The Service Provider requests a login from the Identity Provider.

  5. The Identity Provider requests credentials from the Human Service Consumer.

  6. The Human Service Consumer provides credentials to the Identity Provider.

  7. The Identity Provider authenticates the Human Service Consumer.

  8. The Identity Provider provides an identity token to the Service Provider.

  9. The Service Provider validates the Identity Provider’s iSHARE certification and the identity token of the Human Service Consumer.

  10. The Service Provider validates the Human Service Consumer based on the authorization token (refer to Methods of authorization below for how an authorization token is obtained).

  11. The Service Provider validates authorization and iSHARE adherence of the Service Consumer.

  12. The Service Provider executes the requested service and provides the service result to the Human Service Consumer.
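The checks the Service Provider performs in steps 9 to 11, as an added Python example that is not part of the iSHARE documentation. It assumes constructed registries and identifiers (IDP-1, SC-1, SP-1), an HMAC key standing in for the Identity Provider's signing key, and an identity token that also names the Service Consumer on whose behalf the human acts; it goes beyond the happy path by showing each rejection case (non-certified Identity Provider, tampered or expired token, human not delegated, non-adhering Service Consumer).

```python
import base64, hashlib, hmac, json

# Constructed sample data for this example; none of it is real iSHARE data.
PARTICIPANT_REGISTRY = {"IDP-1": "certified", "SC-1": "adhering", "SC-2": "suspended"}
SP_AUTHORIZATION_INFO = {"SC-1": {"container-status"}, "SC-2": {"container-status"}}  # Entitled Party -> services
AUTHORIZATION_REGISTRY = {"SC-1": {"alice"}, "SC-2": {"bob"}}  # Service Consumer -> humans allowed to act for it
IDP_KEYS = {"IDP-1": b"idp-1-secret", "IDP-2": b"idp-2-secret"}  # assumption: HMAC keys stand in for IdP signing keys
SP_ID = "SP-1"

def b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue_identity_token(idp_id, human, service_consumer, now, ttl=300):
    """Steps 7-8: the IdP has authenticated the human and issues a signed identity token for the SP.
    Assumption: the token also names the Service Consumer on whose behalf the human acts."""
    payload = json.dumps({"iss": idp_id, "sub": human, "sc": service_consumer,
                          "aud": SP_ID, "exp": now + ttl}, sort_keys=True).encode()
    sig = hmac.new(IDP_KEYS[idp_id], payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(sig)

def validate_identity_token(token, now):
    """Step 9: check the IdP's iSHARE certification first, then the token's signature, audience and expiry."""
    payload_b64, sig_b64 = token.split(".")
    payload = base64.urlsafe_b64decode(payload_b64 + "=" * (-len(payload_b64) % 4))
    claims = json.loads(payload)
    if PARTICIPANT_REGISTRY.get(claims["iss"]) != "certified":
        return None, "identity provider is not iSHARE certified"
    expected = hmac.new(IDP_KEYS[claims["iss"]], payload, hashlib.sha256).digest()
    if not hmac.compare_digest(b64(expected), sig_b64):
        return None, "bad identity token signature"
    if claims["aud"] != SP_ID or claims["exp"] <= now:
        return None, "identity token not issued for this SP or expired"
    return claims, "ok"

def provide_service(token, service, now):
    """Steps 9-12 as the Service Provider performs them; returns (granted, reason)."""
    claims, reason = validate_identity_token(token, now)
    if claims is None:
        return False, reason
    human, sc = claims["sub"], claims["sc"]
    # Step 10: is the human authorized (per the Authorization Registry) to act on behalf of the Service Consumer?
    if human not in AUTHORIZATION_REGISTRY.get(sc, set()):
        return False, f"{human} is not authorized to act for {sc}"
    # Step 11: is the Service Consumer (here also the Entitled Party) entitled to the service and iSHARE adhering?
    if service not in SP_AUTHORIZATION_INFO.get(sc, set()):
        return False, f"{sc} is not entitled to {service}"
    if PARTICIPANT_REGISTRY.get(sc) != "adhering":
        return False, f"{sc} is not an adhering party"
    return True, f"{service} provided to {human} on behalf of {sc}"
```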

Methods of authorization

Diagram 1: Authorization via Identity Provider Checking Authorization Registry (AR)

Diagram 2: Authorization via Participant Registry Verifying Service Consumer Before Authorization Check

Diagram 3: Authorization via Identity Provider Providing an Authorization Link to the Service Provider

Sequence diagram without Identity Broker

[Sequence diagrams not reproduced here, one per authorization method:]

  • Authorization via Identity Provider Checking Authorization Registry (AR)

  • Authorization via Identity Provider Providing an Authorization Link to the Service Provider

  • Authorization via Authorization Registry Verifying Service Consumer getting details from Participant Registry before Authorization Check