Notary Seal

From MgmtWiki
Revision as of 15:39, 13 November 2022 by Tom (talk | contribs) (Scenarios)

Jump to: navigation, search

Full Title

This is a Use Case for the application of a a Notary Seal to a digital document.

Context

  • This use case considers the holder of a Wallet

Goal

To enable the creation of a single aggregated claim set

Actors

  1. Actor: Holder seeking access to one (or more) game.
  2. Actor: Notaryis used here to mean any person that can hold an access token for another, typically a child.
  3. Actor: Validation web site that can analyze a person's access token remotely to let them know what access would be granted if used at the ballpark.
  4. Actor: Relying Party intake personnel both at the main entrance and at the access point to the private boxes.

Preconditions

  • A state with strict rules about:
  1. minors access to alcoholic beverages. The only officially recognized digital proof of age is the state-issued driver's license or eID.
  2. vaccination status for access to a ballpark.
  • Person with a cell phone that is loaded with a wallet app that can hold a credential which will allow access to the venue.
  • Note that the exact method used for access can be radios or visual displays. This use case will describe the use of visual display of a QR code for convenience only. Any presentation media that meets the same ease of access would be acceptable. The QR code has the advantage that it can be presented on a smartphone or printed on a sheet of paper for those without smartphones.
  • The person, at home, has acquired a ticket that will grant access to a ball park and to the private boxes.
  • While access to alcoholic beverages could talk place at several access points, for the purposes of this use case, it is assumed that every person with access to the private boxes is verified to be 21 so that a single access point get access to both the physical location, as well as the alcoholic beverages, in a manner similar to the "No person under 21 permitted beyond this point" rule.
  • A patron at a ballpark can wander around during the game with access points with many criteria so it will not be possible to determine in advance which access points a user might visit during the game. The approach taken here is to list all of the user claims that MIGHT BE required on the access token.

Trigger

The person arriving at the access point with a cell phone containing the access token to be validated.

Scenarios

Primary Scenario:

  1. Holder is at a website that requires IAL2 identity assurance or higher for one particular transaction.

Secondary Scenario

  1. Holder us at a website that requires IALS identity assurance for a continuing series of transactions over time.

Successful Outcome

  1. The patron is able to present a access token at the main entrance and get through the metal detector with low hassle.
  2. Access checks at internal points can all be enabled with the same access token used at the main entrance.
  3. Where access is denied the patron can be informed of the required attribute that was not available in the token.

Unsuccessful Outcome

  1. Validity of the access token is tested by the patron before travel to the park. This is a better outcome that getting to the park and then being denied access, so it should be considered a partial success.
  2. Failure to access at main gate. The reason should be clear as a ticket counter available to get adjustments as required.

Privacy Concerns

  • The access token may contain more information that is required for the current visit.
  • Presence or lack of specific attributes in the token can be determine at any access point in the park.
  • The user attribute data is maintained at the park or at ticket-master for future use and is not well protected.
  • User has no simple means to tell the park or ticket-master to delete stored data.

Issues

  1. The patron is one of the 19% of the population w/o a smart phone. Perhaps her grandchild can help with that.
  2. Getting the wallet into the patron's smart phone or lap top may prove to be challenging.
  3. The patron is not comfortable with technology.
  4. Who determines what data from the MDL is sent to ticket-master, or the ball part? (e.g., the public health details or explicit user consent)?
  5. Is the driver's license ID number may be used for long term tracking of the user.?
  6. Is a picture required for patron matching to the person at the access points.
  7. Is fraud one of the threats to be addressed within the scope of the recommendation?

References

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Notary_Seal&oldid=16233"