The actor in the use case shown in Figure 149 is a user who utilises a service
client to discover an IoT Service or a high-level service composition or
orchestration. An example for such a service is discovery. The following use
cases are all depicted in Figure 149.
Authenticate the user: The user is authenticated and an assertion of his
identity is provided^10. Discover person-related IoT services for authorised personnel: This use
case extends the original discovery IoT service by adding security and
privacy protection functionality. The use case includes:o Authorise general access to discovery: Apply access restriction to the
authenticated user. Such restriction may include further obligations
like pseudomisation of the result.o Discover service based on service specification.o As mentioned above this use case is just a place holder.o Filter discovery results: The original result list of the previous use
case is limited to those results the authenticated user is allowed to
see.o Create and deploy new pseudonym: An optional use case, in which
the identifier which is discovered will be replaced by a pseudonym
and provided to the user.It is assumed as a pre-condition that the user is known and can be
authenticated (e.g. through a password or asymmetric key). The authentication
use case only has to be executed once for the validation period of the given
assertion. In addition, the policies regarding the discovery of services with
respect to privacy are deployed at the respective component. As a post-
condition of the secure discovery of an IoT service, the user only receives those
services that he is entitled to see due to privacy restrictions.
(^10) As an example, an OASIS SAML Authentication Assertion could be provided.