Versions Compared

Old Version 23

changes.mady.by.user Krijn Reijnders

Saved on

compared with

New Version 24

changes.mady.by.user Remco Westenberg

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This part of the iSHARE Scheme is considered normative and is therefore compliant with RFC 2119.

Excerpt

This chapter summarises the responsibilities and functional requirements per role:


One requirement to any legal entity fulfilling a role is that they MUST they MUST provide a unique identifier.


...

Adhering roles

Please refer to the detailed Operation descriptions for  for what criteria need to be met to be admitted to the iSHARE network.

Service Consumer

The Service Consumer-role is fulfilled by a legal entity that consumes that consumes a service, such as data, as provided by a Service Provider. 

A Service Consumer can be represented by a machine (its system) or a human, fittingly called the Machine Service Consumer and the Human Service Consumer.

The functional requirements applicable to Service Consumers are as follows:

  • iSHARE adherence is REQUIRED. 

Service Provider

The Service The Service Provider-role is role is fulfilled by a legal entity that provides a service, such as data, for consumption by a Service Consumer.

The functional requirements applicable to Service Providers are as follows:

  • iSHARE adherence is REQUIRED;
  • All user interfaces available in an iSHARE context MUST comply comply with the iSHARE's user interface requirements.

Entitled Party

The Entitled Party-role is fulfilled by a legal entity that has one or more rights to a service provided by a Service Provider, for example to data. These rights, or entitlements, are established in a legal relation between the Entitled Party and the Service Provider.

...

  • iSHARE adherence is REQUIRED.


...

Certified roles

In line with guiding principle 3, iSHARE utilises the utilises the Afsprakenstelsel elektronische toegangsdiensten as a building block for certifying Identity Providers, Identity Brokers, and Authorization Registries. Therefore, to  become to  become an iSHARE certified party, a legal entity MUST (first) be admitted to the the Afsprakenstelsel elektronische toegangsdiensten (in the relevant role). The  The relevant roles include:

Please refer to the detailed Operation descriptions for for what (other) criteria need to be met to be admitted to the iSHARE network.

Identity Provider

The Identity Provider-role is fulfilled by a legal entity whose tooling identifies and authenticates humans (and specifically, Human Service Consumers representing Service Consumers). An Identity Provider: 

  • Provides identifiers for humans;
  • Issues credentials (i.e. a password  a password or electronic keycard) to humans;On  to humans;
  • Can hold information on authorisations of humans representing a Service Consumer;
    i.e. information indicating which humans are authorised to act on a Service Consumer's behalf.
  • Can, on the basis of this identification information, identifies identify and authenticates authenticate humans for Service Providers and determine whether the human representing a legal entity is authorised to take delivery of a service. 
  • Can confirm whether this is the case to the Service Provider

As a result, Service Providers can outsource identification and authentication to an Identity Provider instead of implementing their own tooling. 

...

  • All responsibilities and functional requirements applicable to Afsprakenstelsel elektronische toegangsdiensten role Herkenningsmakelaar.

  • iSHARE certification is REQUIRED;
  • All user interfaces available in an iSHARE context MUST comply comply with the iSHARE's user interface requirements.

Authorization Registry

The Authorization Registry-role is fulfilled by a legal entity who provides solutions for adhering parties for the storage of delegation- and authorisation information. An AuthoriZation Authorization Registry: 

  • Can hold information on delegations to Service Consumers;
    i.e. information indicating what parts of the rights of an Entitled Party are delegated to a Service Consumer.Can hold information on authorisations of humans representing a Service Consumer;
    i.e. information indicating which humans are authorised to act on a Service Consumer's behalf.
  • Can check, on the basis of this information, whether a human or machine representing a legal entity is authorised to take delivery of a service;
  • Can confirm whether this is the case to the Service Provider. 

As a result, Adhering Parties can outsource tasks concerning the management of authorisation and delegation information to an Authorization an Authorization Registry instead of implementing their own tooling.

The functional requirements applicable to Authorization Registries are Registries are as follows:

  • All responsibilities and functional requirements applicable to Afsprakenstelsel elektronische toegangsdiensten role Machtigingenregister.

  • iSHARE certification is REQUIRED.