SWIM-SERV-013 Access and use conditions

Last updated: JUNE 13th, 2019


Requirement

Title

Service access and use conditions

Identifier

SWIM-SERV-013

Requirement

A service description shall include the conditions which apply to accessing and using the service, such as

  • legal constraint;
  • service policies;
  • service consumption constraints; and
  • security constraints.

Rationale

This requirement ensures that a service consumer is aware of any limitations on the access and use of the service.

It is good practice to share business constraint information associated with the conditions of usage of the service.

Verification

Completeness: Verify that the elements included cover the required constraints and policies.

Consistency: Not Applicable.

Correctness: Not Applicable.

Examples/Notes

Example legal constraints:

  • Licenses to be bought;
  • Intellectual property rights to be respected.

Example service policies:

  • Contingency policy;
  • Business policy(s) in terms of business rules or objectives, i.e. how the business is conducted;
  • Operational policy(s) (i.e. constraints and requirements for how services operate and interoperate at runtime) in terms of rules and guidelines. Operational policies are utility centric (handling operational characteristics), covering mainly logging, messaging protocol and versioning. They are normally standardised for a defined collection of services;
  • Technical policy(s). Technical policies can (if available) be provided in machine-readable format;
  • Versioning scheme used (e.g. major.minor[.fix]) and the compatibility guaranteed between different versions (e.g. backwards compatibility is guaranteed between minor versions but not between major versions);
  • Lifecycle policy applied to the service (e.g. so that consumers know they are not investing in a service that is soon to be retired).

Example service consumption constraints:

  • The maximum number of requests per time window allowed for a service consumer.

Example security constraints:

  • Confidentiality:
    • Statement of the confidentiality offered by the service (e.g. message, transport, none…);
    • Elements of the payload whose confidentiality is required or provided (whole payload, body, specific sub-elements…);
    • Cryptographic algorithms and key sizes;
  • Integrity:
    • Statement of the integrity offered by the service (e.g. message, transport…);
    • Elements of the payload whose integrity is required or provided (whole payload, body, specific sub-elements…);
    • Cryptographic algorithms and key sizes;
  • Authentication:
    • Statement of the authentication mechanisms used on consumer and provider side;
    • Statement of the failed authentication constraints;
    • Identity tokens;
  • Authorisation:
    • Statement on the authorisation mechanism used;
    • Credentials used for the authorisation;
    • Levels of authorisation.

Note: Additional use conditions could be, for instance, diplomatic or geographical reasons, safety criticality, or fees to be paid.
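The "Completeness" verification above asks whether a service description actually covers the required constraints and policies. The following is an added example of such a check, written for this page and not part of the SWIM specification or any EUROCONTROL tooling. It assumes a machine-readable service description in JSON with hypothetical field names (accessAndUseConditions, legalConstraints, servicePolicies, consumptionConstraints, securityConstraints and their sub-fields); a real SWIM description would use whatever schema the registry prescribes. The constructed sample deliberately leaves the authorisation block incomplete so the check has something to report.

```python
"""Completeness check for the access-and-use conditions in a service
description (SWIM-SERV-013 verification criterion "Completeness").
Added example; field names are assumptions, not a SWIM schema."""
import json

# Constructed sample service description fragment (assumed field names).
# The authorisation block omits "credentials" and "levels" on purpose.
SAMPLE_DESCRIPTION = json.dumps({
    "service": "example-flight-information",
    "accessAndUseConditions": {
        "legalConstraints": ["Licence to be bought", "Data provider IPR respected"],
        "servicePolicies": {
            "versioningScheme": "major.minor[.fix]",
            "compatibility": "backwards compatible between minor versions only",
            "lifecycle": "operational, no retirement planned",
        },
        "consumptionConstraints": {"maxRequests": 100, "perSeconds": 60},
        "securityConstraints": {
            "confidentiality": {"level": "transport", "scope": "whole payload",
                                "algorithms": "TLS 1.2+, AES-128-GCM"},
            "integrity": {"level": "transport", "scope": "whole payload",
                          "algorithms": "TLS 1.2+"},
            "authentication": {"consumer": "X.509 client certificate",
                               "provider": "X.509 server certificate",
                               "failureHandling": "connection closed after failed handshake",
                               "identityTokens": "none"},
            "authorisation": {"mechanism": "role based"},
        },
    },
})

# The four condition categories named by the requirement.
REQUIRED_TOP = ("legalConstraints", "servicePolicies",
                "consumptionConstraints", "securityConstraints")

# Sub-elements per security constraint, mirroring the example list on the page.
REQUIRED_SECURITY = {
    "confidentiality": ("level", "scope", "algorithms"),
    "integrity": ("level", "scope", "algorithms"),
    "authentication": ("consumer", "provider", "failureHandling", "identityTokens"),
    "authorisation": ("mechanism", "credentials", "levels"),
}


def check_completeness(description_json):
    """Return the list of missing elements (dotted paths); empty means complete."""
    doc = json.loads(description_json)
    findings = []
    conditions = doc.get("accessAndUseConditions")
    if not isinstance(conditions, dict):
        return ["accessAndUseConditions"]

    # Each top-level category must be present and non-empty.
    for key in REQUIRED_TOP:
        if not conditions.get(key):
            findings.append(key)

    # A consumption constraint is only meaningful as a positive request count
    # over a positive time window.
    if "consumptionConstraints" not in findings:
        limits = conditions["consumptionConstraints"]
        ok = (isinstance(limits, dict)
              and isinstance(limits.get("maxRequests"), int) and limits["maxRequests"] > 0
              and isinstance(limits.get("perSeconds"), int) and limits["perSeconds"] > 0)
        if not ok:
            findings.append("consumptionConstraints.maxRequests/perSeconds")

    # Every security block and each of its required statements must be present.
    security = conditions.get("securityConstraints") or {}
    for block, fields in REQUIRED_SECURITY.items():
        entry = security.get(block) if isinstance(security, dict) else None
        if not isinstance(entry, dict):
            findings.append(f"securityConstraints.{block}")
            continue
        for field in fields:
            if not entry.get(field):
                findings.append(f"securityConstraints.{block}.{field}")
    return findings


if __name__ == "__main__":
    for missing in check_completeness(SAMPLE_DESCRIPTION):
        print("missing:", missing)
```

Run against the constructed sample, the check reports the two absent authorisation statements (credentials and levels of authorisation); a description with an empty accessAndUseConditions object is reported as missing all four categories plus each security block. The same structure extends naturally to the optional conditions the note mentions (fees, geographical restrictions) by adding them to REQUIRED_TOP only where the service actually imposes them.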

Level of Implementation

Mandatory

Guidance

No guidance provided.