elering-8

Manage access permissions

1. Description of the Use Case

1.1. Name of the Use Case

IDArea /Domain(s)/Zone(s)Name of the Use Case
1Market for flexibilities, Operational planning and forecasting, Access to data, Balance management, Services related to end customers,elering-8

1.2. Version Management

Version No.DateName of author(s)ChangesApproval status
12018-04-06T00:00:00Christian Radl (Transnet),
22018-06-01T00:00:00Kalle Kukk (Elering), Georg Rute (Elering)

…, ||| |3|2018-07-17T00:00:00|Mandimby Ranaivo R. (AKKA), Florentin Dam (AKKA), ||| |4|2018-08-02T00:00:00|Eric Suignard (EDF), ||| |5|2018-09-05T00:00:00|Mandimby Ranaivo R. (AKKA), ||| |6|2018-09-21T00:00:00|Eric Suignard (EDF), ||| |7|2018-10-04T00:00:00|Eric Suignard (EDF), |Version post WP5&9 physical meeting in Tallinn|| |8|2018-10-17T00:00:00|Eric Suignard (EDF), |Version reviewed by WP5&9 partners|| |9|2019-05-07T00:00:00|Eric Suignard (EDF), |WP6-7-8 demos alignment and miscellaneous changes|| |10|2020-06-16T00:00:00|Eric Suignard (EDF), |innogy’s and Elering’s review|| |11|2020-08-05T00:00:00|Eric Suignard (EDF), |‘Authorization Grant’ Business Object identical to ‘Customer Consent’.||

1.3. Scope and Objectives of Use Case

ScopeGiving authorization by data owners (e.g. consumers) to other parties interested in using this data.
Objective(s)Facilitating exchange of personal and other sensitive data as well as associated energy services (incl. across country borders).
Related business case(s)

1.4. Narrative of Use Case

Short description

The party who is the data owner (e.g. electricity consumer is the owner of its consumption data) can authorize any application to have access to its data. Cross-border acknowledgement of authorizations shall be enabled.

Complete description

1.5. Key Performance Indicatiors (KPI)

IDNameDescriptionReference to mentioned use case objectives

1.6. Use case conditions

Assumptions
Focus on data that has a big sensitivity to its owner and therefore requires high level of confidentiality.
Prerequisites
DEPs and authorization systems of different countries and different authorization systems inside a country are able to acknowledge each other.

1.7. Further information to the use case for classification/mapping

Relation to other use cases
Level of depth
Prioritisation
Generic, regional or national relation
Nature of the use cases
SUC
Further keywords for classification

1.8. General remarks

General remarks

2. Diagrams of Use Case

Manage authorizations - overview Manage authorizations - scenarios flowchart

3. Technical Details

3.1. Actors

Actor NameActor TypeActor DescriptionFurther information specific to this Use Case
Data SourceSystemAny kind of system used to store data (including Data Hub and Flexibility Platform).
Data OwnerBusinessAny person who owns data and can give authorization to other parties to access them. Can be, inter alia:
  • Flexibility Services Provider
  • Market Operator
  • Consumer
  • Generator
Data Exchange PlatformSystemData exchange platform (DEP) is a communication platform the basic functionality of which is to secure data transfer (routing) from data providers (e.g. data hubs, flexibility service providers, TSOs, DSOs) to the data users (e.g. TSOs, DSOs, consumers, suppliers, energy service providers). DEP stores data related to its services (e.g. cryptographic hash of the data requested). The DEP does not store core energy data (e.g. meter data, grid data, market data) while these data can be stored by data hubs. Several DEPs may exist in different countries and inside one country.
ApplicationSystemAny kind of system connected to a Data Exchange Platform and used by a market participant who wishes to receive data.
Customer PortalSystemCustomer Portal manages data users' authentication, access permissions and data logs. Customer Portals store data related to its services (e.g. authentication information, representation rights, access permissions, data logs).
Foreign Customer PortalSystemCustomer Portal for another country.
Can also mean a separate portal in the same country.
DEP OperatorBusinessData exchange platform operator owns and operates a communication system which basic functionality is data transfer.

3.2. References

No.References TypeReferenceStatusImpact on Use CaseOrganistaor / OrganisationLink

4. Step by Step Analysis of Use Case

4.1. Overview of Scenarios

No.Scenario NameScenario DescriptionPrimary ActorTriggering EventPre-ConditionPost-Condition
1The Data Owner gives authorization directly
  • Via the Customer Portal and the Data Exchange Platform (DEP), any data owner (e.g. electricity consumer is the owner of its consumption data) can authorize any application (incl. from other countries) to have access to its data. A data owner can select the available applications from the list of service providers (see SUC Provide list of suppliers and ESCOs).
  • In the cross-border case, the DEP forwards the customer consent to the relevant foreign Customer Portal.
  • The Customer Portal operator sends the information about the authorization to the application (optional) and to the data source concerned (incl. from other countries).
An example for this scenario would be when a customer looks for a new electricity supplier or service provider (incl. aggregator), and, therefore, makes his data accessible.
2The application requests for authorization
  • An application sends request for authorization in order to access the data of a data owner.
  • In the cross-border case, the DEP forwards the customer consent to the relevant foreign Customer Portal.
  • The Customer Portal operator sends the information about the authorization to the application (optional) and to the data source concerned (incl. in other countries).

Notes

4.2. Steps – Scenarios

Scenario Name:
The Data Owner gives authorization directly
Step No.Event.Name of Process/ ActivityDescription of Process/ Activity.ServiceInformation Producer (Actor)Information Receiver (Actor)Information ExchangedRequirements, R-ID
1.1Acknowledge customer consentOptional
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
3b6d4cd1-7cd7-473e-af25-2cd3f990d4154e694b8b-e0eb-4b2a-ae7a-1bcb6f656385bbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.2Acknowledge customer consent
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
0dd151df-ddcc-48b7-9236-208eb2f4a16c4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385bbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.3Choose application and data object from the listThe data owner can select the available applications in the list of service providers (see SUC Provide list of suppliers and ESCOs) and the available data objects.a17749ef-fb35-4331-9275-eaadfad82b36e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.4Create customer consent
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
baa61f8b-bde4-4008-820b-bfad5a7150f6baa61f8b-bde4-4008-820b-bfad5a7150f6 5351ac19-9ec2-47b9-9ead-4a28907df045bbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.5Create customer consentbaa61f8b-bde4-4008-820b-bfad5a7150f6baa61f8b-bde4-4008-820b-bfad5a7150f6e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.6Create customer consentbaa61f8b-bde4-4008-820b-bfad5a7150f6e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.7Grant customer consent
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
a17749ef-fb35-4331-9275-eaadfad82b36baa61f8b-bde4-4008-820b-bfad5a7150f6bbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.8Notify customer consent
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
baa61f8b-bde4-4008-820b-bfad5a7150f63b6d4cd1-7cd7-473e-af25-2cd3f990d415bbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.9Notify customer consent
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
baa61f8b-bde4-4008-820b-bfad5a7150f60dd151df-ddcc-48b7-9236-208eb2f4a16cbbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.10Notify customer consent
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
5351ac19-9ec2-47b9-9ead-4a28907df0450dd151df-ddcc-48b7-9236-208eb2f4a16cbbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.11Notify customer consent
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
5351ac19-9ec2-47b9-9ead-4a28907df0453b6d4cd1-7cd7-473e-af25-2cd3f990d415bbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
1.12Present list of applications and list of data objects
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385baa61f8b-bde4-4008-820b-bfad5a7150f6bbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
Scenario Name:
The application requests for authorization
Step No.Event.Name of Process/ ActivityDescription of Process/ Activity.ServiceInformation Producer (Actor)Information Receiver (Actor)Information ExchangedRequirements, R-ID
2.1Notify authorization refusal
Modsarus Use Case::InstanceName=Authorization information
Modsarus Use Case::InstanceDescription=
5351ac19-9ec2-47b9-9ead-4a28907df0453b6d4cd1-7cd7-473e-af25-2cd3f990d41518a3d942-56e4-4d68-b1f1-99e1d9bb5766e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.2Notify authorization request
Modsarus Use Case::InstanceName=Authorization request
Modsarus Use Case::InstanceDescription=
5351ac19-9ec2-47b9-9ead-4a28907df045baa61f8b-bde4-4008-820b-bfad5a7150f6d4537ba5-98ff-4482-bda0-efa3c6218f60e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.3Notify customer consent
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
5351ac19-9ec2-47b9-9ead-4a28907df0450dd151df-ddcc-48b7-9236-208eb2f4a16c 3b6d4cd1-7cd7-473e-af25-2cd3f990d415bbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.4Request authorization
Modsarus Use Case::InstanceName=Authorization request
Modsarus Use Case::InstanceDescription=
3b6d4cd1-7cd7-473e-af25-2cd3f990d4155351ac19-9ec2-47b9-9ead-4a28907df045 baa61f8b-bde4-4008-820b-bfad5a7150f6d4537ba5-98ff-4482-bda0-efa3c6218f60e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.5Notify authorization request
Modsarus Use Case::InstanceName=Authorization request
Modsarus Use Case::InstanceDescription=Authorization request
baa61f8b-bde4-4008-820b-bfad5a7150f6a17749ef-fb35-4331-9275-eaadfad82b36d4537ba5-98ff-4482-bda0-efa3c6218f60e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.6Acknowledge authorization requesta17749ef-fb35-4331-9275-eaadfad82b36e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.7Update customer consentbaa61f8b-bde4-4008-820b-bfad5a7150f6baa61f8b-bde4-4008-820b-bfad5a7150f6e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.8Notify customer consent
Modsarus Use Case::InstanceName=Customer Consent
Modsarus Use Case::InstanceDescription=
baa61f8b-bde4-4008-820b-bfad5a7150f63b6d4cd1-7cd7-473e-af25-2cd3f990d415 0dd151df-ddcc-48b7-9236-208eb2f4a16cbbac2544-418c-4356-b574-c4b6bf048588e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.9Acknowledge customer consent0dd151df-ddcc-48b7-9236-208eb2f4a16ce784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.10Acknowledge customer consent3b6d4cd1-7cd7-473e-af25-2cd3f990d415e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.11Notify authorization refusal
Modsarus Use Case::InstanceName=Authorization information
Modsarus Use Case::InstanceDescription=
baa61f8b-bde4-4008-820b-bfad5a7150f63b6d4cd1-7cd7-473e-af25-2cd3f990d41518a3d942-56e4-4d68-b1f1-99e1d9bb5766e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249
2.12Acknowledge authorization refusal3b6d4cd1-7cd7-473e-af25-2cd3f990d415e784b912-12f0-463c-80dc-2ec08a13865d 51518695-787c-4a15-be61-8f859cbba0f1 154407af-1387-46c5-849d-4b0d6a4ec164 93d37a8c-6416-4944-ae26-00f561f1e249

5. Information Exchanged

Information exchanged IDName of InformationDescription of Information ExchangedRequirement
bbac2544-418c-4356-b574-c4b6bf048588Customer Consent—-
18a3d942-56e4-4d68-b1f1-99e1d9bb5766Authorization information—-
d4537ba5-98ff-4482-bda0-efa3c6218f60Authorization request—-

6. Requirements (optional)

Category IdentifierNameDescriptionmRID
Cat1Personal databd1580a2-20b8-41fa-a8df-2ae6041bf604
IdentifierNameDescriptionmRID
Req1Consent Citizen RightRight to withdraw consent or restrict the processing or sharing their data. Explicit and unambiguous informed consent must be obtainede784b912-12f0-463c-80dc-2ec08a13865d
Category IdentifierNameDescriptionmRID
Cat2Task 5.3Requirements integrated from Task 5.3.1880e39c-7084-4785-8c02-297057abe312
IdentifierNameDescriptionmRID
Req2AUTHZN -REQ3Ability to share access permissions between data owners, concerned DEPs, applications and data sources51518695-787c-4a15-be61-8f859cbba0f1
Req3AUTHZN -REQ1Every person needs access permission154407af-1387-46c5-849d-4b0d6a4ec164
Req4AUTHZN -REQ2Valid identity of the person receiving access permissions93d37a8c-6416-4944-ae26-00f561f1e249

7. Common Terms and Definitions

8. Custom Information (optional)

KeyValueRefers to Section