Ball Park Ticket Taker

From MgmtWiki
Revision as of 15:02, 23 November 2021 by Tom (talk | contribs) (References)

Jump to: navigation, search

Full Title

This use case considers a user trying to attend a ball game at a park that requires full COVID immunizations as defined by the local health agency.

Context

  • This use case considers the primary user to be the Ticket Taker. A companion use case will consider the attendee in Ball Park Ticket Acquisition.
  • While it would be interesting to just consider the purchaser going to general admission, this use case will include access to one of the boxes that serves alcoholic beverages and requires proof of age as well. While not all of the conditions are required, the complex case is helpful to determine the widest range of in order to anticipate some of the complexity that may be needed in the future.

Goal

To enable the creation of a single aggregated claim set for authorizing access to a ballpark's main entrance asl well as to areas within the park like the level with private boxes. It has been determined by management that only as access portal with an aggregated, single token check, will be able to handle the volume of people arriving at the access point before the game.

Actors

  1. Actor: Patron seeking access to one (or more) game.
  2. Actor: Proxy is used here to mean any person that can hold an access token for another, typically a child.
  3. Actor: Validation web site that can analyze a person's access token remotely to let them know what access would be granted if used at the ballpark.
  4. Actor: Ballpark intake personnel both at the main entrance and at the access point to the private boxes.

Preconditions

  • A state with strict rules about:
  1. minors access to alcoholic beverages. The only officially recognized digital proof of age is the state-issued driver's license or eID.
  2. vaccination status for access to a ballpark.
  • Person with a cell phone that is loaded with a wallet app that can hold a credential which will allow access to the venue.
  • Note that the exact method used for access can be radios or visual displays. This use case will describe the use of visual display of a QR code for convenience only. Any presentation media that meets the same ease of access would be acceptable. The QR code has the advantage that it can be presented on a smartphone or printed on a sheet of paper for those without smartphones.
  • The person, at home, has acquired a ticket that will grant access to a ball park and to the private boxes.
  • While access to alcoholic beverages could talk place at several access points, for the purposes of this use case, it is assumed that every person with access to the private boxes is verified to be 21 so that a single access point get access to both the physical location, as well as the alcoholic beverages, in a manner similar to the "No person under 21 permitted beyond this point" rule.
  • A patron at a ballpark can wander around during the game with access points with many criteria so it will not be possible to determine in advance which access points a user might visit during the game. The approach taken here is to list all of the user claims that MIGHT BE required on the access token.

Trigger

The person arriving at the access point with a cell phone containing the access token to be validated.

Scenarios

Primary Scenario:

  1. Person desires to attend a ball game in one of the private boxes. The process of Ball Park Ticket Acquisition is described in that use case.

Successful Outcome

  1. The patron is able to present a access token at the main entrance and get through the metal detector with low hassle.
  2. Access checks at internal points can all be enabled with the same access token used at the main entrance.
  3. Where access is denied the patron can be informed of the required attribute that was not available in the token.

Unsuccessful Outcome

  1. Validity of the access token is tested by the patron before travel to the park. This is a better outcome that getting to the park and then being denied access, so it should be considered a partial success. This also covers the case where the local health agency has changed the rules for access to the ball park after the patron acquired the access token. While the preferred path is for the ticker seller to notify the user, the ability of the user to validate access allows them time to adapt to any post-sale changes.
  2. Failure to access at main gate. The reason should be clear as a ticket counter available to get adjustments as required.

Privacy Concerns

  • The access token may contain more information that is required for the current visit.
  • Presence or lack of specific attributes in the token can be determine at any access point in the park.
  • The user attribute data is maintained at the park or at ticket-master for future use and is not well protected.
  • User has no simple means to tell the park or ticket-master to delete stored data.

Issues

  1. The patron is one of the 19% of the population w/o a smart phone. Perhaps her grandchild can help with that.
  2. Getting the wallet into the patron's smart phone or lap top may prove to be challenging.
  3. The patron is not comfortable with technology.
  4. Who determines what data from the MDL is sent to ticket-master, or the ball part? (e.g., the public health details or explicit user consent)?
  5. Is the driver's license ID number may be used for long term tracking of the user.?
  6. Is a picture required for patron matching to the person at the access points.
  7. Is fraud one of the threats to be addressed within the scope of the recommendation?

References

This use case was updated on 2021-11-22.

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Ball_Park_Ticket_Taker&oldid=13160"