...
Actor | Role in the use case | |
---|---|---|
Holder | Holds a mobile credential with a picture. Wants to take a trip or enter a (e.g.) sports venue. | |
PDP - Seller | Is a web site that is accessed by the Holder and creates the ticket using one or more mobile credential. | |
Scanner | Verifies PEP - Verifier | Biometric scanner verifies the person as the holder of the ticket (access token). |
Policy Maker | Government or business that creates a policy that is used for access check. The policy is subject to fairly frequent updates. | |
Access TokenIssuers | The holder of the mobile credential is given yet another credential with provides access to the venue. This proof that can be used if the biometric check fails.various mobile credentials held in the user's wallet. For this case they are (1) Driver's license, (2) Covid Immunization, and (3) Credit Card |
User Stories
Element | Detail | Notes | ||||
---|---|---|---|---|---|---|
As a, | human user with a smartphone containing several mobile credentials | |||||
I want | to travel to a foreign country or enter a sports venue | |||||
so that | I can check that i have the privileges needed to access my destination | |||||
Acceptance Criteria | ||||||
Given | <how things begin> | When | <action taken> | Then | <outcome of taking action>Holder has (1) Driver's license, (2) Covid Immunization, and (3) Credit Card | |
When | The trigger is the user's desire to travel to a foreign country or a sports venue | |||||
Then | The credentials need to satisfy both the seller and the policy maker(s) |
Prerequisites / Assumptions
...
The seller needs to acquire a REAL ID for the holder which must include biometric data. This is highly sensitive and must not be shared. The verification device can send a real-time biometric scan, but does not see the store biometric data.
Access Token | The holder of the mobile credential is given yet another credential with provides access to the venue. This proof that can be used if the biometric check fails. |
Data Retained
The seller may maintain the holder's legal name for as long as a relationship exists with the holder. The holder may terminate the relationship at any time. The seller will delete all references to the holder as soon as legally permitted.
The retention of biometric source data (like the user's image) is a difficult decision, but the holder must understand what happens to biometric data.
Diagram
Steps
Primary Use Case
The anticipated normal sequence
# | Step | Description |
---|---|---|
1 | acquire creds | preconditions, user may be told more creds are required and need to restart process. |
2 | visit sellers web site | starts anonymous |
3 | Select destination | date, time ,etc. |
4 | Asked for consent | Seller needs to communicate clearly to holder |
5 | Presentment of creds | Seller accesses as many apps on the user's device as needed to acquire all needed data |
6 | Seller issues ticket (PDP) | To user wallet as well as to the verification end point(s) two scanners for international travel, one at embarkation and one at debarkation. |
7 | Check in (PDP) | may be optional. For example 24 hours of arrival at PEP |
8 | Holder at scanner (PEP) | Biometric check with no other human required - user walks on through. |
Secondary Use Case(s)
Alternate or variant sequences
...