iSHARE Trust Framework
Other resources
Version 2.1 (current version)
Version 2.1 (current version)
  • iSHARE Trust Framework
  • Introduction
    • Goals and scope of the iSHARE Trust Framework
    • Guiding principles
    • Governance
  • Releases
    • Release notes
    • Release planning
    • Version history
  • Main aspects of the iSHARE Trust Framework
    • Key functionality
      • Support Machine to Machine (M2M) interaction
      • Support Human to Machine (H2M) interaction
      • Facilitate portable identity(s) for parties and humans
      • Facilitate flexible authorizations, applicable in any context
      • Enable data exchange based on delegations - even between unknown parties
      • Enable control over own data through management of consent
      • Provide a Trust Framework
    • Technical overview
    • Framework and roles
    • Legal provisions
    • Operational provisions
  • Use cases
    • Use case: M2M interaction (with fine-grained authorization)
    • Use case: H2M interaction (with coarse-grained authorization)
    • Use case: portable identity
    • Use case: delegation (and management of consent)
  • Detailed descriptions
    • Functional
      • Primary use cases
        • 1. M2M service provision
          • 1b. M2M service provision with the EP as the delegation info PIP
          • 1c. M2M service provision with the AR as the delegation info PIP
          • M2M service provision including an app
        • 2. H2M service provision with identity info at the IP
          • Without Identity Broker
          • With Identity Broker
      • Secondary use cases
      • Licenses
      • Delegation paths
      • Functional requirements per role
        • Party identification
        • User interface requirements
    • Technical
      • Technical standards
      • Structure of delegation evidence
        • Example cases
    • Operational
      • Operational processes
        • Admission
        • Withdrawal or Downgrade
        • Warnings, Suspension and Exclusion
        • Incident Management
        • Change Management
        • Management reporting
      • Service levels
        • Service levels for Adhering Parties
        • Service levels for Certified Parties
      • Communication
    • Legal
      • Legal context
        • Dutch Civil Code
        • Regulation on Electronic Identification and Trust Services (eIDAS)
        • Applicable competition law
        • General Data Protection Regulation (GDPR)
  • Glossary and legal notices
    • Glossary
    • Legal notices
    • Assumptions
Powered by GitBook
LogoLogo

  • Cookie Policy

  • Privacy Policy

  • Imprint

  • Contact Us

Copyright © 2024 iSHARE Foundation

On this page
  1. Detailed descriptions
  2. Functional

Secondary use cases

PreviousWith Identity BrokerNextLicenses

Last updated 2 months ago

iSHARE Trust Framework's are supported by seven secondary use cases. These include:

  • Processes related to registration;

  • Processes that recur in primary use cases.

Processes related to registration

These four secondary use cases need to be completed before any, or specific, primary use cases can be initiated.

Any party needs to:

1a. Register adherence/certification in the Participant Registry

and later needs to be able to:

1b. Modify adherence/certification in the Participant Registry

Before initiating Human to Machine use cases, the Service Consumer needs to:

2a. Create Service Consumer and/or Human Service Consumer identity at Identity Provider Prerequisites:

  • An agreement needs to be in place between Service Consumer and Identity Provider;

later, a Service Consumer needs to be able to:

2b. Modify Service Consumer and/or Human Service Consumer identity at Identity Provider

When delegating rights, the Entitled Party needs to:

3a. Register delegation at Service Provider, Entitled Party, or Authorization Registry Prerequisite:

  • For registration at Service Provider or Authorization Registry, an agreement needs to be in place between Entitled Party and Service Provider or Authorization Registry.

later, an Entitled Party needs to be able to:

3b. Modify delegation at Service Provider, Entitled Party, or Authorization Registry

When authorizing something or -one, the Service Consumer needs to:

4a. Register authorization at Service Provider, Entitled Party, or Authorization Registry Prerequisite:

  • For registration at Service Provider or Authorization Registry, an agreement needs to be in place between Service Consumer and Service Provider or Authorization Registry.

later, a Service Consumer needs to be able to:

4b. Modify authorization at Service Provider, Entitled Party, or Authorization Registry

Processes that recur in primary use cases

These three secondary use cases form the wiring of all primary use cases. Without them, primary use cases cannot be completed successfully.

In any primary use case, any party needs to:

5a. Check whether its counterparty is iSHARE adherent/certified (with the Participant Registry)

5b. Check whether its counterparty’s certificate is valid

In any primary use case, the Service Provider also needs to:

6. Determine an authorization decision based on entitlement-, delegation-, and/or authorization info in its own contract administration and/or from external PIPs

When delegation- or authorization info is requested by a Service Provider, an Authorization Registry or Entitled Party also needs to:

7. Determine authorization decision based on Service Consumer assertion included in Service Provider’s request

Please note that the secondary use cases will not be detailed more than the above. No depictions or sequence diagrams are to be developed (contrary to for the primary use cases). This (deliberately) leaves freedom in implementation. This specifically accounts for the registration of delegations: the way in which delegations are registered (as policies, business rules, in a separate register, or on top of existing applications) is not defined.

three primary use cases