1. Introduction

1.1 Purpose

The Operations Concept Document (OCD) declares the operational concepts applicable to DestinE Platform and provides the associated operational scenarios and information on the system configuration.

The purpose of the operational concept is to provide a full picture of how the DestinE Platform is operated.

1.2 Reference Documents

1.3 Acronyms and Abbreviations

2. Operations Concept overview

The Operational Concept Document (OCD) defines:

•the way (how) the system is configured in its nominal state

•the system user categories

Other objectives are:

•To establish a basis for requirements to support the system over its life, such as personnel requirements, support requirements, etc.

•To establish a basis for end-to-end validation planning, system‐level integration requirements, and any requirements for environmental simulators.

•To generate operational analysis models to test the validity of external interfaces between the system and its environment, including interactions with external systems.

2.1 General Concepts

General concepts on which the DestinE Core Service Platform is based are are reported here below.

2.1.1 DestinE Platform Configuration Board

Serco chairs the DestinE Platform Configuration Board to coordinate with its partners the platform operational configuration. The board is constituted by industry representatives of the platform with the possibility to consulting on implementation measures shall ensure development towards a sustainable ecosystem of services and users.

2.1.2 Single Sign On

The Identity and Access Service (IAM) provides the Single Sign On feature (see section 3.4). Users can access all the authorised DestinE Platform Services by a single log-in without the need to re-authenticate to access each service (and remain logged-in) until they perform the log-out scenario (see Section 3.4.6) or the user Authentication Token expires.

2.1.3 Authentication Tokens

The Authentication Token identifies the user after a successful log-in. It is generated by the IAM Service via the Token Issuer endpoint, and it contains all relevant information about the user such as Roles, Groups and Attributes.

This information is used by the Registered Services to properly assign specific access capabilities, quotas, roles and allowed behaviours.

The Authentication Token has a validity defined at the service level. After this period an Authentication Token will be considered invalid and not usable through the DestinE Platform. A valid token near to the expiration date can be refreshed by appropriate interactions with the Token Issuer endpoint provided by the platform IAM Service.

Each communication within the platform is established by using secure encrypted calls based on the HTTPS protocol. The IAM Service supports open Authentication protocol standards such as OAuth 2.0, OpenID Connect and SAML 2.0.

2.1.4 Security

Security by design principle is adopted for the platform to properly mitigate the risks associated with such a large system.

Serco in consultation with EC and ESA has the possibility of restricting, rejecting or revoking access to DestinE ecosystem to users or organisations in case of:

•an unfair use of the system, potentially impacting the performance of DestinE services, or

•people or organisations identified as not eligible for access by the European Commission.

•Upon ESA or EC request

2.1.5 GDPR

All Data related to DestinE Platform and managed by Serco are under Serco’s "Data Protection Framework" compliant with GDPR.

2.1.6 DestinE Platform Tenancy

The DestinE Platform supports the Tenancy feature, which enhances the user experience by enabling structured collaboration among groups of users (Tenancies), allowing them to access, manage, and consume dedicated resources through organized Projects. In particular:

•Tenancy is a logical container that groups users (Registered Users) who collaborate within the platform. It allows them to manage resources, projects, and access permissions collectively. Each Tenancy is managed by a Tenancy Admin or Delegated Admin.

•Project is a sub-entity within a Tenancy that organizes resources and participants. It links Tenancy Members to specific resources provided by service providers, enabling structured collaboration and resource usage. Each Project is managed by the Tenancy Admin or Project Admin.

A Tenancy can contain multiple Projects. Tenancy Members are assigned to Projects, and only those assigned (Project Participants) can access the resources allocated to that Project. This structure ensures secure, organized, and role-based access to services and data.

All details are provided in the Tenancy Operations Concept document 4].

2.1.7 Service Desk

The Service Desk acts as the primary contact point for service requests, user requests and issues reporting. It offers various communication channels and serves as the initiator for all established and standard procedures, evaluating additionally the custom ones. Specially, it leads the user feedback and satisfaction analysis process.

2.1.8 Registered Service

Within the DestinE Platform, a Service is a specific function operated by a Service Provider based on a service-level agreement.

A DestinE Platform Registered Service is a Service listed in the DestinE Platform Service Registry, and available with free access to authorized registered users, within the limits of the free tier provided by each Service Provider

A registered service has, as a minimum, the following main interfaces:

•It is integrated in the platform following an Onboarding Process.

•Access to and authorization are regulated by the platform IAM Service.

•It is catalogued in the platform Service Registry.

Moreover, registered services exposing a Graphical User Interface, follows the DestinE Platform visual identity guidelines.

Each Registered Service is categorised in one of the following service classes:

•Services available by default to all registered users, e.g. services that do not allow download of DestinE Primary and Altered Data.

oThis case may include Services that inherit download/access to DestinE Primary or Altered Data by the usage of user credential.

•Services available to registered users upon receiving approval from EC e.g. services that allow download/access of DestinE Primary and Altered Data.

Each registered service includes the categorization of functionalities and resources into

•a free tier, available to all registered users, and

•(optional) premium tiers, reserved for restricted group of users.

2.1.9 Federated Identity Provider

The platform is ready to federate external identity providers upon direct agreement with ESA/Serco and the external identity provider.

A Federated Identity Provider (example: a university) shall fulfil the following requirements:

•The users of the Federated Identity Provider can access DestinE Platform via their existing identity as Federated Users

•Its IAM Service is linked to DestinE Platform IAM Service.

•It is catalogued in the DestinE Platform Web Portal in a dedicated section listing DestinE Platform Identity Providers.

Figure 1: Federated Identity Providers

2.1.10 Federated Service

A Federated Service complies with the following requirements:

•The users of the DestinE Platform can access it via their existing platform identity

•Its IAM Service is linked to DestinE Platform IAM Service.

•It is catalogued in the DestinE Platform Service Registry.

Figure 2: Federated Service

2.2 DestinE Data

DestinE Data are defined as follows:

-“DestinE Primary Data” shall mean any datasets originating from operated ECMWF DestinE Digital Twins on the EuroHPC (LUMI, Leonardo, MareNostrum5, MeluXina) infrastructure and made available mainly through Polytope.

-“DestinE Altered Data” shall mean data derived from DestinE Primary Data retaining enough information to allow the retrieval of the DestinE Primary Data and do not contain a significant intellectual or creative achievement made by the user. DestinE Altered Data include but are not limited to histogram stretched data, reprojected data, subsets of substantial size in space or time.

-“DestinE Value Added Data” shall mean data derived from DestinE Primary Data or DestinE Altered Data, which do not allow the retrieval of the DestinE Primary Data and therefore do not allow the replication of the DestinE Primary Data as such, and which contain a significant intellectual or creative achievement made by the user. DestinE Value Added Data include but are not limited to classifications and trained models.

2.3 Actors

In this Section, the Actors identified in the framework of DestinE Platform and involved in the Operational Scenarios are described.

Each identified actor can be matched with the user groups described in the SIMPL platform architecture [RD-1]. Serco intends to reuse the same definition coherently within its own federated services to offer a unique continuity of services to the users. Particular attention is being paid to the link with the infrastructure provider to enable seamless scalability through a unique continuum of operations.

Actors are not constrained to a single role. When necessary, they have the flexibility to switch roles or even take on multiple roles simultaneously.

2.3.1 Unregistered users

Users who are not registered in the IAM Service and are therefore able to access a limited set of DestinE Platform functionalities.

2.3.2 Registered Users

Users registered in the IAM service and categorized as follows.

2.3.2.1 Standard Users

DestinE Platform Standard Users have performed the self-registration, and, with the Access Profile of Registered User, they consume a set of resources and services.

Categories of users are defined according to the possibility to ask for a complementary access to the different classes of services. These user categories are managed as distinct groups together by the platform and the services to properly regulate the access.

2.3.2.2 Registered Users Granted Upgraded Access

A registered user whose upgraded access to DestinE has been validated by the European Commission. Users Granted Upgraded Access are the following categories: Public authorities, Academia and Research, SMEs and start-ups, Third-country public authorities, DestinE Entrusted Entities’ staff and DestinE Entrusted Entities’ contractors, plus entities from third countries, on a case-by-case basis.

2.3.2.3 Federated users

Federated Users are users whose personal data are provided by an external Identity Provider and may be propagated to the IAM Service upon acceptance of the User.

The Federated Users are enabled to access platform features, functions and services freely accessible per default for platform Standard Users.

2.3.2.4 Tenancy Actors

DestinE Platform Tenancy Actors are Standard Users allowed to consume and manage resources related to Tenancy.

2.3.2.5 Registered Service Providers

Registered Services Providers are the providers of services listed in the platform Service Registry, and available to Standard Users. This group is composed of:

•Core Service Providers providing the Registered Services implemented and operated by Serco and its subcontractors.

•Framework Service Providers providing DestinE Platform Registered Services to offer applications and algorithms.

All Registered Services shall offer a free tier to all DestinE users corresponding to a DestinE Usage Profile describing the characteristics of the free access. The free tier can be enhanced through the direct procurement of resources directly to the service providers with a public offer documented in the Service Registry and characteristics referenced as Service Usage Profile (also referred as Premium).

The Platform Management Services offer only the DestinE Usage Profile.

2.3.3 DestinE Platform Administrators

A DestinE Platform Administrator is an actor in charge of managing the configuration elements of the DestinE Platform Core Services with administrative privileges. A DestinE Platform Administrator applies the identified operational routines and approved changes to the IAM Service and other components configurations.

The DestinE Platform Administrators are:

•The Operations Manager

•the IVV Manager, responsible of the end-to-end validation of the DestinE Platform System

•the User Community Manager

3. Operational Scenarios

These Operational Scenarios are mapped with the relevant functional areas described in the Destine Platform SDD and Master ICD.

3.1 Info Dissemination & Onboarding Support Service operational scenarios

3.1.1 Web Portal access and browsing

This scenario describes the content of Destine Platform website (Web Portal) and how users can browse it. Content is organized into functional utility panels, such as:

•“Home” Page, accessible as the first displayed page, containing: a description of Destine Platform, a summary of its latest news, a description of Destination Earth System and a link to its official website, a link to the service registry, a summary of the service onboarding procedure and a link to the onboarding panel, the logos of all the partners of consortium, and finally some links to support pages.

•“Services” panel, with the link redirecting to the Destine Platform Service Registry, which catalogues all services. For each service the Data Portfolio is described.

•“Onboarding” panel, where users can find a summary relevant the onboarding procedure, and a “Get on board” button redirecting to the entire procedure to become a Destine Platform Service Provider and integrate (onboard) a new service in the platform perimeter.

•“Updates” panel, reporting categorized news.

•“About” panel, providing general information about Destination Earth initiative and DestinE platform consortium’s Partners, with the link to their websites.

•“Support” panel linking to the Service Desk email and the relevant issue tracking system (including support for DTE and DEDL), the DestinE Platform knowledge base, including, among others, links to user guides, technical guides, webinars, DestinE Platfrom Dashboard, The Learning Hub, training or video tutorials, glossary, FAQs and the link to the Destine Platform Information Model.

•The “Log in/Register now” button, to access user individual profile information for the self-registration or login authorized panel of the Web Portal. The panel reports also the list of federated Identity Providers. Within the “account settings” section, a Panel containing a button to access user individual profile information (redirecting to the User Account Management UI, where they can visualize and edit the relevant attributes) is present.

•Footer complies with Destination Earth visual guidelines in terms of logos; colour follows the hex code #0D1527, moreover it reports legal information as DestinE Platform Code of Conduct (DCOC), Terms and Conditions and Privacy Policies.

•Header colour follows the hex code #0D1527, the DestinE Platform logo is present and the Login button is at the right of the header.

Unregistered users can visualize all Web Portal sections, but the documentation for Destine Platform Services.
‎

3.1.2 Web Portal content management

The process of managing web portal contents is to distribute information to the User Community so that to make it widely known and accessible. It involves the transmission, sharing, and delivery of information across the Destine Platform to reach the intended recipients. The overall process ensures that relevant and accurate information reaches the user in a timely manner. It plays a crucial role in communication, education, awareness campaigns, public relations, and knowledge sharing within the community. Being informed indeed, users can register to events, webinars, and services, increasing the audience share.

This scenario is played by the Destine Platform Administrators (Information Team) under the supervision of:

•The Communication Manager, for any content update

•The Web portal Service champion, for managing contents on the Web Portal

•The User community manager to approve all Knowledge base updates prior to release to the public.

The final objective of this scenario is to update the Web Portal contents periodically, in particular:

•The Web Portal is updated in its interactive image gallery, promoting material such as news, new partnerships and events.

•Success user stories (onboardings), announcements of achievements, future evolutions.

•Training material, guides, webinars and other information in the Knowledge BaseDestine Platform information model, ensuring that its contents are updated and maintained all along the duration of the Contract.

•News about services or events, Scheduled maintenance notices, temporary service disruptions, or data access interruptions.

The Service documentation provided by Service Providers is updated at each service upgrade by Information Team.

3.1.3 Community channels usage

Any user can access the Destine Platform community channels and go through different types of interactions.

Updates

Users finds the “Updates” panel among the ones reported in the Header of the Web Portal. It reports news of several categories, such as:

•Events: Events organized by DestinE Platform Consortium and External events to which DestinE Platform participates.

•General: Destine Platform Services maintenance and operations information - Newly registered services and relevant update of service offer.

•Technical: Destine Platform Services technical information (new features available to users, etc).

•Uncategorized: Covers event-related updates that do not clearly fall under the predefined categories. This may include preliminary announcements, miscellaneous notices, or items pending classification.

•All: Includes all event-related updates across categories. This category provides a comprehensive overview of every announcement, ensuring users don’t miss any important information regardless of its specific classification.

Community Forum (Phase 2)

Registered users can read or create contents on the Community Forum, i.e., post open questions in the Forum to which the Service Desk can respond in a way that is visible to all users. Furthermore, the forum allows users to reply to openly posted questions or to provide other kind of content useful for the user community.

Learning Hub

Registered users can access to Training material, guides, articles, demonstrators, webinars and other information in the Knowledge Base

3.1.4 Community channels management

Community channels are managed by User Community Manager and the Communication manager and kept updated by the Information Team.

Updates

The Communication Manager may receive hints and elements to prepare News from different actors (Service Manager, User community manager, Operations Manager, Business Manager). He/she is responsible for providing content to the Information Team, who will publish it.

Community Forum (Phase 2)

The forum moderator ensures that the forum operates smoothly, adheres to community guidelines, and maintains a respectful and constructive environment for users. The forum moderator is the User Community Manager. The Service Desk monitors the questions raised by Forum participants and forward them to the relevant Service Champion -in charge of responding to the community on specific service channels.

3.1.5 Onboarding procedure acquaint

The “Onboarding” panel of the Web Portal aims to acquaint the reader with existing regulations of the onboarding procedure, i.e., the steps a Standard User should perform to request that his/her Service becomes part of the DestinE Platform Ecosystem.

Under the “Request Onboarding” button redirecting to the Onboarding Procedure, it is specified that to continue the registration is needed.

The guide also describes the duties and benefits of a Service integration into Destine Platform, the security and technical requirements to be accomplished, and a high-level description of which information should be provided.

3.2 Service Desk operational scenarios

3.2.1 Support Request opening

This scenario describes how Destine Platform users can raise a support request - depending on their roles.

Any registered and logged user can open a support request onto the Destine Platform issue tracking system. The issue tracking system is reachable via a ‘Contact Us’ link present on the Web Portal. The request automatically opens a ticket into the Issue Tracking System (JIRA).

At ticket opening, the user is notified (via email). Service Desk response is put on Jira and results in automatic emails to the User. The user could be asked to provide further information if required. Ticket closure is notified to the user via email, with the option to provide feedback on the level of support received.

Unregistered users can open support requests only for registration related issues or for further information.

A Service Provider can open a support request as well but following a different procedure. He/she accesses to the Service Provider Jira Project and clicks to open a ticket, and assigns the issue to the User Community Manager, that is notified at any update of the issue within the project.

3.2.2 Support provisioning

The process of support provisioning involves Destine Platform Administrators and any relevant stakeholder through 3 levels of support.

3.2.3 Service Rating

A Destine Platform Standard User that has consumed any Registered Service (Platform Management Services, Data Management Services or an onboarded Service) is enabled to give a feedback about the quality and satisfaction of the consumed Service, with a 1 to 5 score. The platform is designed to gather feedback from users via a link in the header or footer of each service. This link redirects them to the Service Registry. Here, the user can vote by assigning the score.

Service Rating can be also performed directly via the Service Registry.

3.2.4 User Support Rating

Any user who opened a support request can rate the level of support received by raising a specific request. At support request closure, users are asked to rate the level of support received, in terms of effectiveness, efficiency and quality. Feedback is provided in terms of a score from 1 to 5 for different voices of evaluation (like a survey), onto the issue tracking system (JIRA DSD) where the support request is followed.

3.2.5 User feedback presentation

This scenario describes the process of data collection, preparation, analysis and presentation to relevant stakeholders (ESA and Consortium partners). It is performed by Destine Platform Administrators (User Community Manager) on the following items.

•Service rating. This data provides a quantitative information on the overall user experience on the Destine Platform. Data on service rating is collected by a dedicated component and available at the Monitoring system.

•User support rating, that include key performance metrics to evaluate the effectiveness, the efficiency and the quality of support. Example of metrics are response time, resolution time, incident/request volume and other derived quantities. This data cope in identifying areas for improvement, and track service level adherence. Data on user support rating is stored within the issue tracking system.

•Events analytics, such as the number of participants to events, webinars, or training sessions. This data provides insights on user engagement during dedicated events. The platform is designed to present User feedback analytics (i.e. User support rating and service rating) on a private page of the Executive Dashboard to ESA.

Moreover, service usage statistics, giving quantitative information on user’s uptake on single services (e.g., data access, downloads, number of active users, etc) are provided by any Destine Platform Service and stored at the Service Operations Monitoring Dashboard Service.

Statistics regarding the number of active users per service, along with other statistics on registered users are publicly visible within the DestinE platform dashboard.

3.3 Service Registry operational scenarios

3.3.1 Service Discovery

Unregistered and registered users can visualize and read the catalogue of Destine Platform Registered Services exposed by the Service Registry. The Services discoverable via Service registry are:

•Data Management Services

•New registered Services, included in the Destine Platform Framework after the onboarding process.

Additionally, the Web Portal displays a generic grouping of services that are either in the process of being onboarded or have recently (within the last few months) entered the Service Registry. These services are categorized as:

•Operative: Services that are fully operational.

•Beta Testing: Services that are available in a preliminary version for testing purposes. They are intended for early feedback and validation.

•Coming Soon: Services that have completed initial onboarding steps and are planned for release shortly. They are not yet active but are visible to inform users of upcoming capabilities.

The Service Registry supports the possibility of searching for services according to defined data model defining keywords/ filtering criteria guaranteeing an intuitive and uniform representation of Destine Platform Services. The information provided for each service within the Service Registry includes the Data Portfolio. Moreover, the Service Registry is designed to support a specific area where the user, after selecting a service, can provide a satisfaction score i.e. Service rating.

Unregistered users can visualize the list of Services, but to access them they need to be registered, authorised and logged in.

3.3.2 Onboarding support request

A Destine Platform Standard User willing to become a Service Provider can request to onboard a new service in DestinE Platform via the dedicated onboarding panel of the Web Portal.

The Standard User, after the login to the Web portal, finds the onboarding page with dedicated panels and forms to be filled.

Main steps are:

•Acceptance of the DTaC (DestinE Terms and Conditions, and acknowledge applicable DestinE Platform Framework Technical Requirements and DestinE Platform Security Requirements

•Send to the Service Desk required information as per Onboarding Procedure available online in the “Onboarding” section of the platform web pages

At the end of this steps:

•sent information are stored and handled via a JIRA Ticketing System.

•the Service Desk is notified (JIRA new ticket) of a new Service Onboarding request and find all the material associated to the onboarding request via a JIRA Ticketing System.

•The Standard User which submitted the request receives an email confirming the Service Onboarding Request submission.

From this moment on, Standard Users follows the status of their request notified via email(pending/successful/rejected). Service publication and registration

After the successful Service Evaluation the Destine Platform Administrator receives a notification from the Service Integration Manager or by their delegate concerning the successful approval of the onboarding of a new Service. After that a set of integration tasks are assigned to the service provider on a dedicated JIRA channel (DOSI).At the end of the process, when all the assigned task are completed tthe Service is deployed in the target environment, and Destine Platform Administrator register the new Service in the Service Registry. All deployment tasks in the Production environment related to new services or new releases are managed through a dedicated Jira project (DCM)

As output:

•The Standard User receives a confirmation on Jira DCM and via email of the successful service registration. Moreover he/she is informed of his/her new role within the IAM Service as ‘service provider’.

•The new Service is visible to all Destine Platform users. Each registered service is characterised by a set of metadata, this allows the service discovery from the Web Portal

3.4 IAM Service operational scenarios

3.4.1 Destine Platform Self-Registration

This scenario describes how unregistered users become Destine Platform Standard Users registering by themselves with self-declaration and self-defined username and password.

An unregistered user reaches the Web Portal of the ID&OS Service. A “Log in/Register now” button dedicated to the registration is present.

In the registration form, unregistered users must provide their name and contact email, along with metadata such as gender, country, and a “user profile” selected from predefined options.

In the registration form, in addition to the required User Attribute Fields, the user is invited to review and accept the DestinE Platform “Code of Conduct”, the “Terms and Conditions”, the “Privacy policies” and the “Legal Notice”.

Users click on the check boxes and the “sign up” is enabled. By clicking on it, the user is redirected to the SSO page (to the IAM Service) to perform the registration of a new account.

The new account is activated clicking on a link received via email, to validate the registration.

At the end of the user registration scenario:

•On first access, the user is asked to log-in. Login form is visible and easily accessible from all visitor users not logged.

•Destine Platform Standard Users have full access to the knowledge base at the Web Portal (webinars, documentation, user guides, training material);

•The user can open and update tickets thanks to the Service Desk interface.

•The user can log-in into Destine Platform after entering the correct username/email and password, otherwise an error message is displayed.

•The user's login activity is logged (in compliance to the GDPR) for auditing and security purposes.

•DestinE Platform Standard Users can request a role upgrade to access DestinE data, based on the user profile specified during registration.

oThe upgrade request undergoes an evaluation process concluding with either an approval or a rejection, which is then communicated to the Standard User via email. The Authorization flow is detailed in Section 3.4.4.

3.4.2 Destine Platform Registered Services registration

The scenario describing the procedure to become a DestinE Platform Registered Service Provider is covered by scenarios in Sections 3.1.5 and 3.3.2.

3.4.3 Destine Platform Federated Services registration

This scenario describes how an external service can become a Federated Service and how to enable its own users to access the platform as Federated Users.

The applicant sends the Federated Service registration request to the Service Desk.

After the completion, all Destine Platform users can login and consume Federated Services using their credentials.

3.4.4 Authorization scenario

3.4.4.1 User upgrade access policy

DestinE Platform users, once registered, are authorised to access and consume services as foreseen by their user profile. Moreover, once logged in into the IAM Service, they may request a role upgrade as depicted in the following Figure.

Figure 3: Registered Users authorization level upgrade

To initiate this process, registered users shall:

•Access the dedicated form available on the Web Portal designed for user authorization schema upgrade requests.

•Fill in the necessary User Data and submit the completed form.

The Web Portal service performs a pre-validation check to ensure the request is well-formed and that all required data have been provided. Additionally, the IAM checks whether the user's email domain is in the blacklist (not company/institutional domains such us gmail.com Yahoo.com, etc...) or whether it is already part of the whitelisted email domains:

•If it is, the user's authorization level is immediately updated.

•If not, the request is forwarded to the European Commission (DG-CNECT).

The European Commission receives a notification about all pending requests. They can confirm or deny the user access policy requests and provide motivation if needed.

The approval or the rejection is notified via email to the user contact indicated in the registration form.

3.4.4.2 Service Authorization

The integration of the IAM service is part of the “Service Integration” stage.

Within the IAM Service, Registered Service Providers can manage their own Service Authorization via a dedicated section of the User Account Management UI. In this section, the Service Provider can assign specific Client-roles to DestinE Platform Users and to manage Service Resources protected by the platform IAM Service.

3.4.5 Authentication scenario

This scenario describes the log-in of DestinE Platform registered users, using IAM Service.

After a successful registration, a DestinE Platform Standard User can log-in into the Web Portal of the ID&OS Service, thanks to the dedicated “login button”.

After a successful Credential Validation phase, in case of a User participating in at least one Tenant, is required and requested to user to specify the “Context” of the current session. The “Context” is defined for the implementation of the Tenant scenario. In fact, a Standard User participating in a Tenant as Member, after the login can choose to behave like a Standard User or as Tenant Member of the Tenant to which he/she belongs. A User can participate to more than one Tenant.

Once logged-in, he/she can access all the authorised platform Services without performing the log-in again (and remain logged-in) until he/she performs the log-out scenario (see Section 3.4.6) or until the user authentication token does not expire.

If a DestinE Platform Standard User access directly one of the platform Services, without having performed the log-in via Web Portal, the user is redirect to IAM Service page to insert credentials.

Moreover, federated users can login into DestinE Platform using their credentials, selecting one of the federated IdP listed in the “Log in” Button of the Web Portal.

3.4.6 Log-out

This scenario describes how a DestinE Platform Registered User can log-out.

When a user wants to log out of DestinE Platform Services that have a graphical user interface (GUI), they can simply click on the log-out button found on the main page of the corresponding GUI. By doing so, the user is redirected to the IAM Service to complete the log-out process. The user token shall be invalidated, and the account disconnected. A message of log-out successful is shown to the user.

If the service does not have a GUI, the logout is performed via Web Portal or directly via IAM Service exposed API.

3.4.7 Forgot password

This scenario describes how a DestinE Platform Standard User can reset his/her platform password.

The user accesses the Web Portal and clicking on the “forgot password” button is redirected to Keycloak and performs the forgot password procedure, according to the password rules set in Keycloak itself.

The password rules are: the password shall contain minimum 8 characters and shall accept alphanumeric characters plus the following: “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “)”, “(“, “+”, “=”, “.”, “_”, “-“

3.4.8 User deletion

This scenario describes how a DestinE Platform account can be deleted.

The deletion can be performed by triggering a request via Service-Desk.

As result of the completed procedure, the account and all User related data are deleted.

In case of Tenant Member, all the Tenant-context-related User Data will be deleted.

•Delete Account and related User Data

•Implement compliance with GDPR’s right to erasure.

3.4.9 Tenant Technical Administrator access

This scenario describes the functionalities provided to a Tenant Technical Administrator by a dedicated Tenant management section of the User Account Management UI:

•Manage a set of DestinE Platform resources assigned to Tenant (purchase/dismiss/assign resources to Tenant members)

•Manage Tenant group membership (add/remove Standard Users to/from Tenant group)

•Send Tenant membership Invitation to Standard Users

3.4.10 Tenant invitation

In this scenario is described how a Tenant Admin can send to a target DestinE Platform Standard User a Membership invitation.

The Tenant Admin access the Tenant management section and send to a target existing user, the request to join for a specific Tenant.

When a DestinE Platform Standard User receives such an invitation, he/she has the option to redeem the code or follow the link to finally become a Tenant Member.

Note that a DestinE Platform Standard User has the flexibility to participate in multiple tenants, not limited to just one.

3.4.11 Tenant Member access

This scenario describes the functionalities provided to a Tenant Member after login:

•Consume the Tenant resources

•Resign to Tenant Membership in the User Profile section of the User Account Management UI

To login as Tenant Member a user needs to select the "context" for the session, which determines the Tenant Resources accessible to the User. The context selection also allows the option to function as a platform Standard User.

3.4.12 Federated user access

This scenario describes the functionalities provided to a Federated User and the login phase.

Federated users have access to all DestinE Platform Standard User - Basic functions (2.3.2.1).

The login page shows the user the ability to execute a login with one of the federated external IAMs.

As a federated user, the user chooses and is redirected to the specific external IAM to perform the login.

The Login phase is managed by the Federated external IAM, after a successful login the user is redirected to the platform.

The user can review and authorize the sharing of external User Profile attributes within the DestinE Platform IAM Service. These data are used in the relevant monitoring and reporting functionalities in compliance to the GDPR.

The DestinE Platform IAM Service stores the agreed-by-user Federated User Information except for the User Credentials.

3.4.13 Registered User access

This scenario describes the functionalities provided to a Registered User and the login phase. The functionalities comprehend:

•access to all the Services that do not allow downloading DestinE Altered Data;

•full access to the DestinE Platform Web Portal and to information on the access modalities and useful contacts;

•access the online discussion platform (Forum) with his/her nickname and write contents/posts, share information and provide feedback/suggestions to the registered services;

•contact the Service Desk for any information and request, open and update tickets.

•access the user profile section to modify personal information in the dedicated IAM Service form.

•request the removal of its own account (GDPR “right to erasure”).

•depending on the user profile, request the access policy upgrade, following the process in Section 3.4.4.1.

The access to DestinE Platform happens via Web GUI provided by the platform Web Portal, thanks to the dedicated “login button”. This button redirects the user to the log-in form of the IAM Service where credentials are required to successfully authenticate the user (obtain a valid Authentication Token). With this flow, the User is completely unaware of the Authentication Token management. In case of missing Authentication Token, the User is redirected to the IAM Service log-in page.

The login button/link can be displayed also by platform Services.

Another access option is via Command Line interface by directly interacting with the Token issuing endpoint provided by the IAM Service (dedicated to technical expert users and scripting purposes). The issued Authentication Token can be attached to the Service Requests that the User performs.

3.4.14 Registered Service Provider access

This scenario describes the functionalities provided to a Registered Service Provider:

•perform all DestinE Platform Standard User functions

•Service Deployment to designated Infrastructure (Runtime Platform, OVH Infrastructure, External Infrastructure)

•DestinE Platform IAM Service Integration

•register and manage Service Resources (as URIs) through the IAM Service

And optionally:

•Utilise the ecosystem orchestration, high-availability and autoscaling features (available with the Runtime Platform deployment)

•Utilise the ecosystem monitoring and reporting service (available with the Runtime Platform deployment or proper component integration)

Service Providers login in the same way of Standard Users.

3.5 Accounting operational scenarios

3.5.1 Integration of a new Service with Accounting

In the context of Service onboarding detailed in, a Service can integrate the Accounting/Clearing House Service as part of the “Service Integration” stage.

The DestinE Platform Accounting/Clearing House Service allows a Service Provider to record all the available Transactions.

It is assumed that:

•the Service has been already registered into the DestinE Platform Service Registry, and that it has (as part of the onboarding) defined all its available transactions.

•The Service has been integrated already with the DestinE Platform IAM Service.

The Clearing House - responsible for storing, querying and reporting on the Service transactions and consumptions - exposes the following functions for the Service Provider (Service Transaction listing, Consumption Storing, Consumptions Querying and Consumption Reporting).

3.5.2 Service and Transactions definition

This scenario describes how a Service Provider defines its representation within the Accounting by describing the available transactions.

In the Accounting, a Service is a container for a set of Transactions.

A Transaction is a configuration element which represents a Service Allocated Resource (for a specific Tenancy Project) and enables the accounting component to receive related Resource Consumption Events from Services Applications.

Service and Transactions representations are configured by DestinE Platform Administrator during the Resource Allocation Procedure according to Resource Offer Template received by Service Provider.

3.5.3 Service Consumption logging

The element in charge of managing all the occurring transactions is the Clearing House via the Accounting component. Management is in terms of:

•Storing Consumptions

•Querying the stored Consumptions according to selection criteria

•Export reports on stored Consumptions

Whenever a Service executes a Consumption, it shall record an entry within the Accounting which will contain as a minimum, the transaction ID, the Consumption ID, the timestamp, the User ID of the originator (user or another service account) the quantity of the Consumption if any.

Accounting stored Consumptions are gathered and aggregated by IAM Tenancy Management component, to provide the detailed list of Consumptions for:

-Users (as Resource Consumer): to monitor every Consumptions happened through DestinE Platform Services

-Service Providers (as Resource Providers): to monitor Consumptions happened through their Allocated Resources.

-Tenancy/Project Admins (as Resource Managers): to monitor Consumptions happened through managed Projects.

3.6 Dashboard Services operational scenarios

3.6.1 DestinE Platform Services monitoring

The service monitoring stakeholders are the User Community manager, Operations Manager and Service Manager, interested in monitoring the various services status and capacity

The information and parameters of interest are:

•collected from several sources time-tagged and suitably formatted for further processing by other functions;

•recorded in real-time and long-term databases: the real time database is designed as rolling archive providing access with minimal delay to the parameters of interest and the long-term database, a.k.a. data lake, is designed to provide a persistent store of records;

•visualized using graphic application requesting time series or cumulative parameters from the DBs (e.g. Grafana).

3.6.2 DestinE Platform Services Reporting

The data mining, targeting mainly to the data warehouse, allows extracting both basic information (e.g. values of records in a given time range) and processed information (e.g. value of function of several records, its integral over time, etc.) in order to routinely, according to a configurable schedule, report them onto Service Operations Monitoring Dashboard reports.

3.6.3 DestinE Platform Services Alerting

DestinE Platform includes the possibility to set of rule engine able to check if any monitored parameter crosses some threshold. The evaluation processes are also helped by an alerting tool which sends messages (sms or emails) to the Operations Team in case a significant event is detected.

3.7 Infrastructure operational scenarios

3.7.1 Cloud Resources consumption

This scenario describes how different category of users can consume Cloud Services.

DestinE Platform service providers

Can consume OVH resources in two ways (not mutually exclusive):

•Runtime - Service Providers can access computing resources in form of containers orchestrated on a Kubernetes-based platform (the Runtime Platform), when the agreement for payment organisation is in place with Serco.

•OVH4DESP: The Service Providers can request to the Operations Team the creation of an OVHcloud Public Cloud Project under the Serco account registered in OVH. In this case, the Service providers can benefit from the agreement in place between Serco and OVHcloud guaranteeing the availability of the OVHcloud engineering support on the OVHcloud Public Cloud Project, when the agreement for payment organisation is in place with Serco.

•Custom infrastructure: The Service Providers can use another Public Cloud provider in Europe.

A Service Provider whose services are hosted on the Runtime Platform can consume OVH Cloud Services belonging to his/her Project – being the Projects in the same OVH Cloud account.

‎