elering-8

Manage access permissions

1. Description of the Use Case

1.1. Name of the Use Case

ID	Area /Domain(s)/Zone(s)	Name of the Use Case
1	Market for flexibilities, Operational planning and forecasting, Access to data, Balance management, Services related to end customers,	elering-8

1.2. Version Management

Version No.	Date	Name of author(s)	Changes	Approval status
1	2018-04-06T00:00:00	Christian Radl (Transnet),
2	2018-06-01T00:00:00	Kalle Kukk (Elering), Georg Rute (Elering)

…, ||| |3|2018-07-17T00:00:00|Mandimby Ranaivo R. (AKKA), Florentin Dam (AKKA), ||| |4|2018-08-02T00:00:00|Eric Suignard (EDF), ||| |5|2018-09-05T00:00:00|Mandimby Ranaivo R. (AKKA), ||| |6|2018-09-21T00:00:00|Eric Suignard (EDF), ||| |7|2018-10-04T00:00:00|Eric Suignard (EDF), |Version post WP5&9 physical meeting in Tallinn|| |8|2018-10-17T00:00:00|Eric Suignard (EDF), |Version reviewed by WP5&9 partners|| |9|2019-05-07T00:00:00|Eric Suignard (EDF), |WP6-7-8 demos alignment and miscellaneous changes|| |10|2020-06-16T00:00:00|Eric Suignard (EDF), |innogy’s and Elering’s review|| |11|2020-08-05T00:00:00|Eric Suignard (EDF), |‘Authorization Grant’ Business Object identical to ‘Customer Consent’.||

1.3. Scope and Objectives of Use Case


Scope	Giving authorization by data owners (e.g. consumers) to other parties interested in using this data.
Objective(s)	Facilitating exchange of personal and other sensitive data as well as associated energy services (incl. across country borders).
Related business case(s)

1.4. Narrative of Use Case

Short description

The party who is the data owner (e.g. electricity consumer is the owner of its consumption data) can authorize any application to have access to its data. Cross-border acknowledgement of authorizations shall be enabled.

Complete description

1.5. Key Performance Indicatiors (KPI)

ID	Name	Description	Reference to mentioned use case objectives

1.6. Use case conditions

Assumptions
Focus on data that has a big sensitivity to its owner and therefore requires high level of confidentiality.

Prerequisites
DEPs and authorization systems of different countries and different authorization systems inside a country are able to acknowledge each other.

1.7. Further information to the use case for classification/mapping

Relation to other use cases

Level of depth
Prioritisation

Generic, regional or national relation

Nature of the use cases
SUC
Further keywords for classification

1.8. General remarks

General remarks

2. Diagrams of Use Case

Manage authorizations - overview Manage authorizations - scenarios flowchart

3. Technical Details

3.1. Actors

Actor Name	Actor Type	Actor Description
Data Source	System	Any kind of system used to store data (including Data Hub and Flexibility Platform).
Data Owner	Business	Any person who owns data and can give authorization to other parties to access them. Can be, inter alia: Flexibility Services Provider Market Operator Consumer Generator
Data Exchange Platform	System	Data exchange platform (DEP) is a communication platform the basic functionality of which is to secure data transfer (routing) from data providers (e.g. data hubs, flexibility service providers, TSOs, DSOs) to the data users (e.g. TSOs, DSOs, consumers, suppliers, energy service providers). DEP stores data related to its services (e.g. cryptographic hash of the data requested). The DEP does not store core energy data (e.g. meter data, grid data, market data) while these data can be stored by data hubs. Several DEPs may exist in different countries and inside one country.
Application	System	Any kind of system connected to a Data Exchange Platform and used by a market participant who wishes to receive data.
Customer Portal	System	Customer Portal manages data users' authentication, access permissions and data logs. Customer Portals store data related to its services (e.g. authentication information, representation rights, access permissions, data logs).
Foreign Customer Portal	System	Customer Portal for another country. Can also mean a separate portal in the same country.
DEP Operator	Business	Data exchange platform operator owns and operates a communication system which basic functionality is data transfer.

3.2. References

No.	References Type	Reference	Status	Impact on Use Case	Organistaor / Organisation	Link

4. Step by Step Analysis of Use Case

4.1. Overview of Scenarios

No.

Scenario Name

Scenario Description

Primary Actor

Triggering Event

Pre-Condition

Post-Condition

The Data Owner gives authorization directly

Via the Customer Portal and the Data Exchange Platform (DEP), any data owner (e.g. electricity consumer is the owner of its consumption data) can authorize any application (incl. from other countries) to have access to its data. A data owner can select the available applications from the list of service providers (see SUC Provide list of suppliers and ESCOs).
In the cross-border case, the DEP forwards the customer consent to the relevant foreign Customer Portal.
The Customer Portal operator sends the information about the authorization to the application (optional) and to the data source concerned (incl. from other countries).

An example for this scenario would be when a customer looks for a new electricity supplier or service provider (incl. aggregator), and, therefore, makes his data accessible.

The application requests for authorization

An application sends request for authorization in order to access the data of a data owner.

In the cross-border case, the DEP forwards the customer consent to the relevant foreign Customer Portal.

The Customer Portal operator sends the information about the authorization to the application (optional) and to the data source concerned (incl. in other countries).

Notes

4.2. Steps – Scenarios

Scenario Name:
The Data Owner gives authorization directly

Step No.	Name of Process/ Activity	Description of Process/ Activity.	Information Producer (Actor)	Information Receiver (Actor)	Information Exchanged	Requirements, R-ID
1.1	Acknowledge customer consent	Optional Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	3b6d4cd1-7cd7-473e-af25-2cd3f990d415	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.2	Acknowledge customer consent	Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	0dd151df-ddcc-48b7-9236-208eb2f4a16c	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.3	Choose application and data object from the list	The data owner can select the available applications in the list of service providers (see SUC Provide list of suppliers and ESCOs) and the available data objects.	a17749ef-fb35-4331-9275-eaadfad82b36			e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.4	Create customer consent	Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	baa61f8b-bde4-4008-820b-bfad5a7150f6	baa61f8b-bde4-4008-820b-bfad5a7150f6 5351ac19-9ec2-47b9-9ead-4a28907df045	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.5	Create customer consent		baa61f8b-bde4-4008-820b-bfad5a7150f6	baa61f8b-bde4-4008-820b-bfad5a7150f6		e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.6	Create customer consent		baa61f8b-bde4-4008-820b-bfad5a7150f6			e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.7	Grant customer consent	Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	a17749ef-fb35-4331-9275-eaadfad82b36	baa61f8b-bde4-4008-820b-bfad5a7150f6	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.8	Notify customer consent	Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	baa61f8b-bde4-4008-820b-bfad5a7150f6	3b6d4cd1-7cd7-473e-af25-2cd3f990d415	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.9	Notify customer consent	Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	baa61f8b-bde4-4008-820b-bfad5a7150f6	0dd151df-ddcc-48b7-9236-208eb2f4a16c	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.10	Notify customer consent	Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	5351ac19-9ec2-47b9-9ead-4a28907df045	0dd151df-ddcc-48b7-9236-208eb2f4a16c	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.11	Notify customer consent	Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	5351ac19-9ec2-47b9-9ead-4a28907df045	3b6d4cd1-7cd7-473e-af25-2cd3f990d415	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.12	Present list of applications and list of data objects	Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	baa61f8b-bde4-4008-820b-bfad5a7150f6	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249

Scenario Name:
The application requests for authorization

Step No.	Name of Process/ Activity	Description of Process/ Activity.	Information Producer (Actor)	Information Receiver (Actor)	Information Exchanged	Requirements, R-ID
2.1	Notify authorization refusal	Modsarus Use Case::InstanceName=Authorization information Modsarus Use Case::InstanceDescription=	5351ac19-9ec2-47b9-9ead-4a28907df045	3b6d4cd1-7cd7-473e-af25-2cd3f990d415	18a3d942-56e4-4d68-b1f1-99e1d9bb5766	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.2	Notify authorization request	Modsarus Use Case::InstanceName=Authorization request Modsarus Use Case::InstanceDescription=	5351ac19-9ec2-47b9-9ead-4a28907df045	baa61f8b-bde4-4008-820b-bfad5a7150f6	d4537ba5-98ff-4482-bda0-efa3c6218f60	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.3	Notify customer consent	Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	5351ac19-9ec2-47b9-9ead-4a28907df045	0dd151df-ddcc-48b7-9236-208eb2f4a16c 3b6d4cd1-7cd7-473e-af25-2cd3f990d415	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.4	Request authorization	Modsarus Use Case::InstanceName=Authorization request Modsarus Use Case::InstanceDescription=	3b6d4cd1-7cd7-473e-af25-2cd3f990d415	5351ac19-9ec2-47b9-9ead-4a28907df045 baa61f8b-bde4-4008-820b-bfad5a7150f6	d4537ba5-98ff-4482-bda0-efa3c6218f60	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.5	Notify authorization request	Modsarus Use Case::InstanceName=Authorization request Modsarus Use Case::InstanceDescription=Authorization request	baa61f8b-bde4-4008-820b-bfad5a7150f6	a17749ef-fb35-4331-9275-eaadfad82b36	d4537ba5-98ff-4482-bda0-efa3c6218f60	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.6	Acknowledge authorization request		a17749ef-fb35-4331-9275-eaadfad82b36			e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.7	Update customer consent		baa61f8b-bde4-4008-820b-bfad5a7150f6	baa61f8b-bde4-4008-820b-bfad5a7150f6		e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.8	Notify customer consent	Modsarus Use Case::InstanceName=Customer Consent Modsarus Use Case::InstanceDescription=	baa61f8b-bde4-4008-820b-bfad5a7150f6	3b6d4cd1-7cd7-473e-af25-2cd3f990d415 0dd151df-ddcc-48b7-9236-208eb2f4a16c	bbac2544-418c-4356-b574-c4b6bf048588	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.9	Acknowledge customer consent		0dd151df-ddcc-48b7-9236-208eb2f4a16c			e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.10	Acknowledge customer consent		3b6d4cd1-7cd7-473e-af25-2cd3f990d415			e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.11	Notify authorization refusal	Modsarus Use Case::InstanceName=Authorization information Modsarus Use Case::InstanceDescription=	baa61f8b-bde4-4008-820b-bfad5a7150f6	3b6d4cd1-7cd7-473e-af25-2cd3f990d415	18a3d942-56e4-4d68-b1f1-99e1d9bb5766	e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.12	Acknowledge authorization refusal		3b6d4cd1-7cd7-473e-af25-2cd3f990d415			e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249

5. Information Exchanged

Information exchanged ID	Name of Information	Requirement
bbac2544-418c-4356-b574-c4b6bf048588	Customer Consent	—-
18a3d942-56e4-4d68-b1f1-99e1d9bb5766	Authorization information	—-
d4537ba5-98ff-4482-bda0-efa3c6218f60	Authorization request	—-

6. Requirements (optional)

Category Identifier	Name	Description	mRID
Cat1	Personal data		bd1580a2-20b8-41fa-a8df-2ae6041bf604

Identifier	Name	Description	mRID
Req1	Consent Citizen Right	Right to withdraw consent or restrict the processing or sharing their data. Explicit and unambiguous informed consent must be obtained	e784b912-12f0-463c-80dc-2ec08a13865d

Category Identifier	Name	Description	mRID
Cat2	Task 5.3	Requirements integrated from Task 5.3.	1880e39c-7084-4785-8c02-297057abe312

Identifier	Name	Description	mRID
Req2	AUTHZN -REQ3	Ability to share access permissions between data owners, concerned DEPs, applications and data sources	51518695-787c-4a15-be61-8f859cbba0f1
Req3	AUTHZN -REQ1	Every person needs access permission	154407af-1387-46c5-849d-4b0d6a4ec164
Req4	AUTHZN -REQ2	Valid identity of the person receiving access permissions	93d37a8c-6416-4944-ae26-00f561f1e249

7. Common Terms and Definitions

8. Custom Information (optional)

Key	Value	Refers to Section