portfolio website templates

Green Button Implementation

Overview

The following material represents the culmination of months of collaboration among industry experts to develop an interoperable and extensible authorization capability for Green Button Connect My Data (CMD).  The architecture described integrates NAESB's "REQ.21 Energy Services Provider Interface" (ESPI), IETF's "The OAuth 2.0 Authorization Framework" [RFC 6749], and "The OAuth 2.0 Authorization Framework: Bearer Token Usage" [RFC 6750] standards.  This solution responds to customer requirements by leveraging the strengths of each of these standards to achieve a robust, secure, and interoperable authorization scheme for Green Button Connect My Data.


The following diagram depicts the logical components of both Green Button Download My Data (DMD) and Green Button Connect My Data (CMD).  The names and roles of the actors (Data Custodian, Third Party, and Retail Customer) are described in the "Green Button Terms" table..


                        


Green Button Download My Data (DMD) represents the access of Energy Usage Information (EUI) by a Retail Customer from a Data Custodian (typically a utility) via a web browser through the Data Custodian's web portal.  This access results in a file containing the Retail Customer's Energy Usage Information being downloaded to their computer for future use.  The red arrows in the diagram show the DMD flow.


Green Button Connect My Data (CMD) enables a Retail Customer to "authorize" a service provider (Third Party) to access their Energy Usage Information directly from the Data Custodian without further interaction by the Retail Customer.  The blue arrows in the diagram show CMD required authorization mechanisms.


The "One-time Authorization", depicted by the blue arrows, involves an exchange of information between the Data Custodian and Third Party systems.  The data exchange occurs through web browser redirection and is initiated by a Retail Customer accessing either their Data Custodian or a Third Party service provider via a web browser.  Although the redirection is performed by the web browser, to ensure security of the data being exchanged, all redirection is achieved without the information being shown to the Retail Customer,


The ESPI and OAuth 2.0 Authorization Framework standardize the information that must flow between the Data Custodian and Third Party.  However, the method used by both parties to authenticate a Retail Customer, as well as other interactions between the Retail Customer and either the Data Custodian or Third Party web portals are left up to each provider to determine.

Green Button Terms

TermDefinition
Data CustodianAn entity holding Retail Customer Energy Usage Information.
Third PartyAn Entity which provides some service to a Retail Customer based on their Energy Usage Information
Authorized Third PartyA Third Party that is permitted to access Energy Usage Information
Retail CustomerAny Entity that obtains gas, electricity, or water service for their own consumption.
Web PortalA web site hosted by a Data Custodian or Third Party and accessed by a Retail Customer to authorize or otherwise manage services related to the exchange of Energy Usage Information.
Web Service ConsumerThe client side of the web service sending requests to the provider.
Web Service ProviderAn automated REST web service hosted by either the Data Custodian or Third Party.
User (Browser)The web browser or other web application via which the Retail Customer interacts with the Web Portal.
Third Party RegistrationA process by which a Third Party establishes a relationship with a Data Custodian enabling them to perform authorization and the exchange of Energy Usage Information.
Data Custodian ManagementA trusted management application that communicates with the Data Custodian's REST web services.
Upload ApplicationA remote application with limited rights to upload meter data to the Data Custodian via REST web services.
AuthorizationThe result of a process by which the Retail Customer provides informed consent.