Generic Platform User Story
- Tom Jones
- John Wunderlich
Page Status: REFERENCE
This is one of the broad lists of abstract user stories focused on Privacy-Enhanced Mobile Credentials (PEMC) on a mobile device platform.
Description (User Story)
The user wants to be able to carry a collection of credentials with them that can give them access to physical locations as well as digital assets. The user needs to believe that they are in control of the release of their information and that the information will be handled securely once released. The function of the holder's platform must include the acquisition, display, protection and creation of a presentation of the appropriate user attributes to the verifier. The holder must be able to trust the platform to protect their interests. The issuer must be able to trust the wallet to follow their policies, the verifier must be able to trust the platform to prove that presence and ownership of the presented attributes of a real-world human user of the platform. In addition, the platform might be required to prove the "liveness" of the real-world human at the time that the presentation was made.
Narrative
The user on their smartphone travels in the real world or the digital world from place to place and easily access the locations or resources that they need in their day-to-day activities.
Secondary Use Case
The user carries backup documents that can be used when the digital ecosystem is non-functional.
Actors
| Actor | Role in the use case |
|---|---|
| Holder | The human user of the mobile credentials. The first person (I, we) of this story. |
| Device | A smartphone or other mobile computing device including the operating system (OS) software. |
| Wallet | An application running on the OS that has access to protected storage on the device. Often called a native app. |
| Issuer | of a mobile credential. |
| Verifier | of one or more mobile credentials. |
Taxonomy
| Term | Definition |
|---|---|
| Credential | A protected structure is given by the issue to the holder's wallet. For example the mdoc from ISO 18013-5 |
| Presentation | A protected message given by the holder's wallet to the verifier. It will contain only the user data that is needed for the purpose of the transaction. |
| Purpose | A structured list of attributes and the retention permissions from some trusted authority. For example the US TSA list of attributes needed to enter an airport. |
User Stories
| Element | Detail | Notes |
|---|---|---|
| As a, | human user | Typically this is the holder of the credentials. |
| I want | access | to either a real-world or a digital resource |
| so that | I can complete whatever task that currently has my attention. | without cognitive dissonance. |
| Acceptance Criteria | ||
| Given | The user has a modern smartphone that comes with or has installed, a wallet application that holds modern mobile credentials. | Laptops also will work, but the smartphone limitations are more germane to this use case. |
| When | I start any task that requires identity credentials. | or when I start planning for future needs. |
| Then | I consider the credentials I might need to complete my task. This is typically on a website that tells me how access is granted. | The user should not need much special knowledge to complete this step. |
| As Needed | I migrate to an issuer website using either the browser or the wallet, as appropriate to acquire new credentials. | The user can be guided to get any missing credentials with major frustration. |
| Fall back | I can scan some credentials from hard copy for entry into the secure store along with the fully digital credentials. See video for example. |
|
Prerequisites / Assumptions
- There are a few standard credential types like ISO 18013-5 mobile driver's license or W3C Verifiable Credentials.
- Smartphones are available that can securely store credentials and prove the holder's presence and ownership of the credentials.
- There are wallet apps that can require mobile credentials and release only that information that is needed for the user's purpose.
- The purpose of the access can be specified or determined by the user.
- The purpose will determine the data required by the user. (This is the definition of purpose for this user story.)
Use Case Details
Privacy
Data Provided
Is tied to a purpose that the user understands and supports.
Data Retained
Is tied to a purpose that the user understands and supports.
Diagram
Steps
Primary Use Case
The anticipated normal sequence
| # | Step | Description |
|---|---|---|
| 1 | ||
| 2 | ||
| 3 | ||
| 4 |
Secondary Use Case(s)
Alternate or variant sequences
| # | Step | Description |
|---|---|---|
| 1 | ||
| 2 | ||
| 3 | ||
| 4 |
Sequence Diagram
End State
It is not expected that there will be any end to the user acceptance and appreciation of the results of using mobile credentials.
Success
- It is possible to measure the user satisfaction with the process.
- The user is satisficed with the results.
- Attacks against user information on the platform can be shown to be better than expected.
Failure
References
Champion / Stakeholder
Tom Jones
Related Material
Resources and Links
Page Tasks
- Type your task here, using "@" to assign to a user and "//" to select a due date