# Use case: M2M interaction (with fine-grained authorization)

This use case showcases iSHARE Trust Framework's key functionality '[support Machine to Machine (M2M) interaction](https://framework.ishare.eu/version-2.2/main-aspects-of-the-ishare-trust-framework/key-functionality/support-machine-to-machine-m2m-interaction)'.

The example described in the linked chapter is as follows:

* Every day, the ERP system (machine) of Party A requests a status update from the ERP system (machine) of Party B. Party B's ERP system automatically responds with the requested status update. No humans are needed to interfere.

To showcase the key functionality '[facilitate flexible authorizations](https://framework.ishare.eu/version-2.2/main-aspects-of-the-ishare-trust-framework/key-functionality/facilitate-flexible-authorizations-applicable-in-any-context)', Party A's ERP system (machine) is ONLY allowed to request status updates concerning line X of bill of lading Y. This can be considered a fine-grained authorization.

The following explains this example in detail, utilising the iSHARE Trust Framework.

### Roles and Relations <a href="#usecase-m2minteraction-withfine-grainedauthorization-rolesandrelations" id="usecase-m2minteraction-withfine-grainedauthorization-rolesandrelations"></a>

The following roles are fulfilled in this use case:

* Party A requests a status update, so it is the legal entity fulfilling the **Service Consumer**-role;
* Party B responds with the status update, so it is the legal entity fulfilling the **Service Provider**-role;
* No delegation takes place, so Party A also fulfils the **Entitled Party**-role;
* As this is a M2M use case, a **Machine Service Consumer** represents Party A.

The only **legal relation** is the mandatory relation between the Entitled Party (Party A) and the Service Provider (Party B), which establishes the entitlements of the Entitled Party (Party A). As depicted:

<figure><img src="https://3919494753-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzzhDvZUvcb2VsHvLXh89%2Fuploads%2Fgit-blob-ecb48add6b7ecbf64da5f3b9a7981a0400243eff%2Fimage%20(28).png?alt=media" alt=""><figcaption></figcaption></figure>

### Prerequisites <a href="#usecase-m2minteraction-withfine-grainedauthorization-prerequisites" id="usecase-m2minteraction-withfine-grainedauthorization-prerequisites"></a>

It is prerequisite of this use case that:

* The Service Provider (Party B) has and manages its own entitlement information indicating what Entitled Parties are entitled to what (parts of) services, i.e. Party B has information indicating that Party A is allowed to request status updates concerning line X of bill of lading Y from its ERP system;
* The Service Consumer (Party A) is able to authenticate the Service Provider (Party B);
* The Service Provider (Party B) is able to authenticate the Service Consumer (Party A).

### Use case <a href="#usecase-m2minteraction-withfine-grainedauthorization-usecase" id="usecase-m2minteraction-withfine-grainedauthorization-usecase"></a>

The use case consists of the following steps:

1. The Machine Service Consumer (of Party A) requests a service from the Service Provider (Party B);
2. The Service Provider (Party B) authenticates the Machine Service Consumer (of Party A) and validates the iSHARE adherence of the Service Consumer (Party A);
3. The Service Provider (Party B) authorizes the Machine Service Consumer of the Service Consumer (Party A) based on the entitlement information registered with the Service Provider (Party B);
4. The Service Provider (Party B) executes the requested service;
5. The Service Provider (Party B) provides the service result to the Machine Service Consumer (of Party A).

As depicted:

<figure><img src="https://3919494753-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzzhDvZUvcb2VsHvLXh89%2Fuploads%2Fgit-blob-f9ea7bfaf778e753c99853147c51ccac4c997d77%2Fimage%20(3)%20(1)%20(1).png?alt=media" alt=""><figcaption></figcaption></figure>

Note that this use case is exactly the same as primary use case 1, as found under [detailed Functional descriptions](https://framework.ishare.eu/version-2.2/detailed-descriptions/functional).

### Sequence diagram <a href="#usecase-m2minteraction-withfine-grainedauthorization-sequencediagram" id="usecase-m2minteraction-withfine-grainedauthorization-sequencediagram"></a>

<figure><img src="https://3919494753-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzzhDvZUvcb2VsHvLXh89%2Fuploads%2Fgit-blob-dbe65bccc9e4250815c5af7d18aab8bc25053a17%2Fimage%20(4)%20(1).png?alt=media" alt=""><figcaption></figcaption></figure>

What needs to be implemented technically for this use case is described [generically](https://framework.ishare.eu/version-2.2/detailed-descriptions/technical/technical-standards), and specifically per role in the [iSHARE Developer Portal](https://app.gitbook.com/o/Qzg8z1T4h1fZNOPhEzay/s/hIVZwp4ZxhYhb39SlKH3/).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://framework.ishare.eu/version-2.2/use-cases/use-case-m2m-interaction-with-fine-grained-authorization.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.