Revocation of Delegated Authentication Use Case: Difference between revisions
Jump to navigation
Jump to search
m (2 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:03, 28 June 2018
Title: Revocation of Delegated Authentication
Use Case Description:
Via a person’s identity with a high value credential, disassociate access rights with another individual’s identity depreciating any authority for that person to act on their behalf .
Use Case Category: Trust/Assurance, Authentication, Interoperability, Privacy
Contributor: John MacTaggart
Use Case Details
Actors:
- Financial institution
- Benefits Providers
- Relying parties
- Identity Providers
Goals:
- Timely discontinuance of access to private information by others on behalf of primary user
- Fraud reduction which may imply cost reduction for the relying party.
- Viable business model for the relying party.
Assumptions:
- The relying party supports delegated access and revocation of delegated access
Requirements:
Internet access device, identity information for the authorizing user, delegated user and identity information of the relying party.
Process Flow:
- The delegating user accesses the relying party with high level authentication as required by the relying party.
- The user wishes to terminate a delegation relation with another known user at the relying party
- The user searches and selects a delegated user with access to their account
- The user request that the delegation be terminated
- The relationship is terminated for that relying party and all parties are notified of the change
Success Scenario:
- Delegated User can no longer access their client’s information.
- Delegated spouse can no longer access benefits accounts established their spouse.
- Delegated financial planner can no longer access performance results of their clients.
- Delegated mortgage broker can no longer access account and rate information of their clients
Error Conditions:
- The delegating User does not have the credentials required by the relying party. Mitigation: the relying party to allow manual request to revoke delegated relationship
- User cannot find the delegated user in the relying party system.
- Relying party does not support revocation of delegated access.
Relationships
- Extended by:
- Extension of:
References and Citations