elering-19
Authenticate data users
1. Description of the Use Case
1.1. Name of the Use Case
| ID | Area /Domain(s)/Zone(s) | Name of the Use Case |
|---|---|---|
| 1 | Access to data, Market for flexibilities, Operational planning and forecasting, Services related to end customers, Balance management, | elering-19 |
1.2. Version Management
| Version No. | Date | Name of author(s) | Changes | Approval status |
|---|---|---|---|---|
| 1 | 2018-04-12T00:00:00 | Kalle Kukk (Elering), | ||
| 2 | 2018-06-01T00:00:00 | Kalle Kukk (Elering), Georg Rute (Elering), | ||
| 3 | 2018-06-28T00:00:00 | Ricardo Jover (EDF), Eric Suignard (EDF), | ||
| 4 | 2018-07-02T00:00:00 | Ricardo Jover (EDF), Eric Suignard (EDF), | ||
| 5 | 2018-08-10T00:00:00 | Ricardo Jover (EDF), Eric Suignard (EDF), | ||
| 6 | 2018-08-19T00:00:00 | Ricardo Jover (EDF), Eric Suignard (EDF), | “Delegated Authentication” changed into “Representation Rights” | |
| 7 | 2018-08-02T00:00:00 | Eric Suignard (EDF), | ||
| 8 | 2018-09-21T00:00:00 | Eric Suignard (EDF), Ricardo Jover (EDF), | Remarks from Innogy, Elering (Automatic process for DEP, without Operator) and EirGrid. | |
| 9 | 2018-10-04T00:00:00 | Eric Suignard (EDF), | Version post WP5&9 physical meeting in Tallinn | |
| 10 | 2018-10-17T00:00:00 | Eric Suignard (EDF), | Version reviewed by WP5&9 partners | |
| 11 | 2019-05-07T00:00:00 | Eric Suignard (EDF), | WP6-7-8 demos alignment and miscellaneous changes | |
| 12 | 2020-06-16T00:00:00 | Eric Suignard (EDF), | Wiebke’s and Kalle’s review |
1.3. Scope and Objectives of Use Case
| Scope | Access to private data and other information with restricted access through a Customer Portal and a Data Exchange Platform |
| Objective(s) | Support easy but secure access to data |
| Related business case(s) |
1.4. Narrative of Use Case
Short description
All data users need to be authenticated to a Customer Portal before having access to a Data Exchange Platform (DEP), for the exchange of individual metering data (private data) or any other information with restricted access.
Complete description
1.5. Key Performance Indicatiors (KPI)
| ID | Name | Description | Reference to mentioned use case objectives |
|---|
1.6. Use case conditions
| Assumptions |
|---|
| eIDAS (electronic IDentification, Authentication and trust Services) regulation and its trust levels shall be applied |
| Prerequisites |
|---|
| National or platform specific identification infrastructure – ID card, dedicated password, internet bank link, etc |
1.7. Further information to the use case for classification/mapping
| Relation to other use cases |
|---|
| Level of depth |
| Prioritisation |
| Generic, regional or national relation |
| Nature of the use cases |
| SUC |
| Further keywords for classification |
1.8. General remarks
| General remarks |
|---|
2. Diagrams of Use Case
3. Technical Details
3.1. Actors
| Actor Name | Actor Type | Actor Description | Further information specific to this Use Case |
|---|---|---|---|
| Customer Portal Operator | Business | Operates a Customer Portal. | |
| Authentication Service Provider | Business | Trust authority. Verifies the identity of authenticating parties. Some countries will have their own authentication service provider. For countries which will not, there may be a more global and to be defined one. | |
| Data Owner | Business | Any person who owns data and can give authorization to other parties to access them. Can be, inter alia:
| |
| Data Delegated Third party | Business | Any natural person who has received representation rights from a data owner. | |
| Foreign Customer Portal | System | Customer Portal for another country. Can also mean a separate portal in the same country. | |
| Customer Portal | System | Customer Portal manages data users' authentication, access permissions and data logs. Customer Portals store data related to its services (e.g. authentication information, representation rights, access permissions, data logs). | |
| Data Exchange Platform | System | Data exchange platform (DEP) is a communication platform the basic functionality of which is to secure data transfer (routing) from data providers (e.g. data hubs, flexibility service providers, TSOs, DSOs) to the data users (e.g. TSOs, DSOs, consumers, suppliers, energy service providers). DEP stores data related to its services (e.g. cryptographic hash of the data requested). The DEP does not store core energy data (e.g. meter data, grid data, market data) while these data can be stored by data hubs. Several DEPs may exist in different countries and inside one country. | |
| DEP Operator | Business | Data exchange platform operator owns and operates a communication system which basic functionality is data transfer. |
3.2. References
| No. | References Type | Reference | Status | Impact on Use Case | Organistaor / Organisation | Link |
|---|
4. Step by Step Analysis of Use Case
4.1. Overview of Scenarios
| No. | Scenario Name | Scenario Description | Primary Actor | Triggering Event | Pre-Condition | Post-Condition |
|---|---|---|---|---|---|---|
| 1 | Authentication process and representation rights delegation | Any person needing access to personal or commercial data needs to be authenticated to a Customer Portal for having access to the data via a DEP – either logging in through a Customer Portal or through third party application connected to a DEP. This may involve:
After authenticating himself/herself, the data owner (e.g. electricity consumer is the owner of its consumption data) can give representation rights to any other person who can then act on behalf of the data owner. Customer Portal operator checks the validity of the representation rights. If a representation right is given to a person in another country, then the Customer Portal operators of the involved countries share the information about representation rights between themselves. After authenticating himself/herself, the person who has received the representation rights can see who is he/she representing and act on behalf of data owner. |
Notes
4.2. Steps – Scenarios
| Scenario Name: |
|---|
| Authentication process and representation rights delegation |
| Step No. | Event. | Name of Process/ Activity | Description of Process/ Activity. | Service | Information Producer (Actor) | Information Receiver (Actor) | Information Exchanged | Requirements, R-ID |
|---|---|---|---|---|---|---|---|---|
| 1.1 | Authenticate | Authentication means may include ID-card, mobile-ID or bank link. Information associated to authentication process may include name, surname and ID-code of individual customers; company name and registry code of corporate customers as well as name, surname and ID-code of their representatives. Modsarus Use Case::InstanceName=Authenticate Information Modsarus Use Case::InstanceDescription= | a17749ef-fb35-4331-9275-eaadfad82b36 | baa61f8b-bde4-4008-820b-bfad5a7150f6 | 79077332-56bd-437e-8295-63b9a9dab5bd | 1e05916d-6efd-4312-b48e-80cf75241cb5 | ||
| 1.2 | Verify Logging Identification | Modsarus Use Case::InstanceName=Authenticate Information Modsarus Use Case::InstanceDescription= | baa61f8b-bde4-4008-820b-bfad5a7150f6 | 9488169b-e952-4818-b0f0-d417cf25f11b | 79077332-56bd-437e-8295-63b9a9dab5bd | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 5798483d-0d41-4eee-8923-e6104e0a5407 61a984c8-570b-44ea-ae27-4ac6e8d539a4 f92f957a-3da4-4c7a-b131-07c09c7c78f5 6274a294-499d-4bb6-9d98-ef3d0a488633 | ||
| 1.3 | Verify Identity | Verifies the identity of authenticating parties. | 9488169b-e952-4818-b0f0-d417cf25f11b | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 5798483d-0d41-4eee-8923-e6104e0a5407 61a984c8-570b-44ea-ae27-4ac6e8d539a4 f92f957a-3da4-4c7a-b131-07c09c7c78f5 6274a294-499d-4bb6-9d98-ef3d0a488633 | ||||
| 1.4 | Give access to data | Modsarus Use Case::InstanceName=Authenticate access Modsarus Use Case::InstanceDescription= | 4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385 | a17749ef-fb35-4331-9275-eaadfad82b36 baa61f8b-bde4-4008-820b-bfad5a7150f6 bd6ead6c-b65f-44e5-b686-9c9456170f0a | 79077332-56bd-437e-8295-63b9a9dab5bd | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 5798483d-0d41-4eee-8923-e6104e0a5407 61a984c8-570b-44ea-ae27-4ac6e8d539a4 f92f957a-3da4-4c7a-b131-07c09c7c78f5 6274a294-499d-4bb6-9d98-ef3d0a488633 | ||
| 1.5 | Access to Own Data | a17749ef-fb35-4331-9275-eaadfad82b36 | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 5798483d-0d41-4eee-8923-e6104e0a5407 61a984c8-570b-44ea-ae27-4ac6e8d539a4 f92f957a-3da4-4c7a-b131-07c09c7c78f5 6274a294-499d-4bb6-9d98-ef3d0a488633 | |||||
| 1.6 | Delegate Representation Rights | A data owner gives representation rights for data per consumption/generation point. He/she can also select types of data (e.g. historical consumption/generation data, sub-meter data, operational data) for which he/she gives representation rights. He/she selects the persons to whom he/she gives representation rights. Modsarus Use Case::InstanceName=Representation Rights Modsarus Use Case::InstanceDescription= | a17749ef-fb35-4331-9275-eaadfad82b36 | baa61f8b-bde4-4008-820b-bfad5a7150f6 | 2d556860-d3eb-4096-a4e9-da817e315002 | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 5798483d-0d41-4eee-8923-e6104e0a5407 61a984c8-570b-44ea-ae27-4ac6e8d539a4 f92f957a-3da4-4c7a-b131-07c09c7c78f5 6274a294-499d-4bb6-9d98-ef3d0a488633 | ||
| 1.7 | Register Representation Rights | Modsarus Use Case::InstanceName=Representation Rights Modsarus Use Case::InstanceDescription= | baa61f8b-bde4-4008-820b-bfad5a7150f6 | baa61f8b-bde4-4008-820b-bfad5a7150f6 5351ac19-9ec2-47b9-9ead-4a28907df045 | 2d556860-d3eb-4096-a4e9-da817e315002 | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 5798483d-0d41-4eee-8923-e6104e0a5407 61a984c8-570b-44ea-ae27-4ac6e8d539a4 f92f957a-3da4-4c7a-b131-07c09c7c78f5 6274a294-499d-4bb6-9d98-ef3d0a488633 | ||
| 1.8 | Verify Representation Rights | Customer Portal operator checks the validity of the representation rights. Modsarus Use Case::InstanceName=Representation Rights Modsarus Use Case::InstanceDescription= | baa61f8b-bde4-4008-820b-bfad5a7150f6 | baa61f8b-bde4-4008-820b-bfad5a7150f6 | 2d556860-d3eb-4096-a4e9-da817e315002 | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 5798483d-0d41-4eee-8923-e6104e0a5407 61a984c8-570b-44ea-ae27-4ac6e8d539a4 f92f957a-3da4-4c7a-b131-07c09c7c78f5 6274a294-499d-4bb6-9d98-ef3d0a488633 | ||
| 1.9 | Verify Representation Rights in a Foreign Country | If the representation right is given to a person in another country, then the Customer Portal operators of the involved countries share the information about representation rights between themselves. Modsarus Use Case::InstanceName=Representation Rights Modsarus Use Case::InstanceDescription= | 5351ac19-9ec2-47b9-9ead-4a28907df045 | baa61f8b-bde4-4008-820b-bfad5a7150f6 | 2d556860-d3eb-4096-a4e9-da817e315002 | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 5798483d-0d41-4eee-8923-e6104e0a5407 61a984c8-570b-44ea-ae27-4ac6e8d539a4 f92f957a-3da4-4c7a-b131-07c09c7c78f5 6274a294-499d-4bb6-9d98-ef3d0a488633 | ||
| 1.10 | Notify Representation Rights | Modsarus Use Case::InstanceName=Authenticate Information Modsarus Use Case::InstanceDescription= | baa61f8b-bde4-4008-820b-bfad5a7150f6 | baa61f8b-bde4-4008-820b-bfad5a7150f6 | 79077332-56bd-437e-8295-63b9a9dab5bd | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 5798483d-0d41-4eee-8923-e6104e0a5407 61a984c8-570b-44ea-ae27-4ac6e8d539a4 f92f957a-3da4-4c7a-b131-07c09c7c78f5 6274a294-499d-4bb6-9d98-ef3d0a488633 | ||
| 1.11 | Authenticate | Modsarus Use Case::InstanceName=Authenticate Information Modsarus Use Case::InstanceDescription= | bd6ead6c-b65f-44e5-b686-9c9456170f0a | baa61f8b-bde4-4008-820b-bfad5a7150f6 | 79077332-56bd-437e-8295-63b9a9dab5bd | 1e05916d-6efd-4312-b48e-80cf75241cb5 | ||
| 1.12 | Access to Delegated Data | bd6ead6c-b65f-44e5-b686-9c9456170f0a | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 5798483d-0d41-4eee-8923-e6104e0a5407 61a984c8-570b-44ea-ae27-4ac6e8d539a4 f92f957a-3da4-4c7a-b131-07c09c7c78f5 6274a294-499d-4bb6-9d98-ef3d0a488633 |
5. Information Exchanged
| Information exchanged ID | Name of Information | Description of Information Exchanged | Requirement |
|---|---|---|---|
| 79077332-56bd-437e-8295-63b9a9dab5bd | Authenticate Information | —- | |
| 2d556860-d3eb-4096-a4e9-da817e315002 | Representation Rights | —- |
6. Requirements (optional)
| Category Identifier | Name | Description | mRID |
|---|---|---|---|
| Cat1 | Personal data | bd1580a2-20b8-41fa-a8df-2ae6041bf604 |
| Identifier | Name | Description | mRID |
|---|---|---|---|
| Req1 | Access Citizen Right | Right to secure direct access of own personal data and to any processing, storage or sharing details | 2af6ad64-c90f-4bc9-aebd-7c01060f85c4 |
| Category Identifier | Name | Description | mRID |
|---|---|---|---|
| Cat2 | Task 5.3 | Requirements integrated from Task 5.3. | 1880e39c-7084-4785-8c02-297057abe312 |
| Identifier | Name | Description | mRID |
|---|---|---|---|
| Req2 | AUTH-REQ-3 | Ability to share information related to representation rights between data users and concerned Customer Portals | 5798483d-0d41-4eee-8923-e6104e0a5407 |
| Req3 | AUTH-REQ-4 | Ability to share authentication information between data users, Customer Portal and Authentication Service Provider | 61a984c8-570b-44ea-ae27-4ac6e8d539a4 |
| Req4 | AUTH-REQ-2 | Authentication tools | f92f957a-3da4-4c7a-b131-07c09c7c78f5 |
| Req5 | AUTH-REQ-1 | Right to access own data | 6274a294-499d-4bb6-9d98-ef3d0a488633 |
| Category Identifier | Name | Description | mRID |
|---|---|---|---|
| Cat3 | Functional | Functional requirements | 59e7899c-d9ee-4534-81a6-81b37dce5e81 |
| Identifier | Name | Description | mRID |
|---|---|---|---|
| Req6 | Authentication means | Authentication means may include ID-card, mobile-ID or bank link. <br/>Information associated to authentication process may include name, surname and ID-code of individual customers; company name and registry code of corporate customers as well as name, surname and ID-code of their representatives. | 1e05916d-6efd-4312-b48e-80cf75241cb5 |
7. Common Terms and Definitions
8. Custom Information (optional)
| Key | Value | Refers to Section |
|---|