Security Service Refactored

56b1a52c · Jorge Moratinos · 82580d5f · 56b1a52c
Commit 56b1a52c authored 10 months ago by Jorge Moratinos
--- a/doc/testing/testplan/api_security_service/README.md
+++ b/doc/testing/testplan/api_security_service/README.md
@@ -13,6 +13,12 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority)

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Store signed Certificate
+  3. Create Security Context
+
 **Information of Test**:

  1. Perform [Invoker Onboarding]
@@ -21,12 +27,6 @@ At this documentation you will have all information and related files and exampl
     * body [service security body]
     * Use **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Store signed Certificate
-  3. Create Security Context
-
 **Expected Result**:

  1. Create security context:
@@ -47,6 +47,12 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerID), but user that create Security Context with Provider role

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Register Provider at CCF
+  3. Create Security Context using Provider certificate
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -56,12 +62,6 @@ At this documentation you will have all information and related files and exampl
     * body [service security body]
     * Using **AEF Certificate**

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
-  3. Create Security Context using Provider certificate
-
 **Expected Result**:

  1. Create security context using Provider certificate:
@@ -74,6 +74,7 @@ At this documentation you will have all information and related files and exampl

  2. No context stored at DB

+
 ## Test Case 3: Create a security context for an API invoker with Provider entity role and invalid apiInvokerId

 **Test ID**:: ***capif_security_api-3***
@@ -86,6 +87,11 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerID), but user that create Security Context with Provider role

+**Execution Steps**:
+
+  1. Register Provider at CCF
+  2. Create Security Context using Provider certificate
+
 **Information of Test**:

  1. Perform [Provider Registration]
@@ -95,11 +101,6 @@ At this documentation you will have all information and related files and exampl
     * body [service security body]
     * Using **AEF Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF
-  2. Create Security Context using Provider certificate
-
 **Expected Result**:

  1. Create security context using Provider certificate:
@@ -111,6 +112,7 @@ At this documentation you will have all information and related files and exampl
        * cause with message "User role must be invoker".
  2. No context stored at DB

+
 ## Test Case 4: Create a security context for an API invoker with Invoker entity role and invalid apiInvokerId

 **Test ID**:: ***capif_security_api-4***
@@ -123,6 +125,11 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerID), but user that create Security Context with invalid apiInvokerId

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Create Security Context using Provider certificate
+
 **Information of Test**:

  1. Perform [Invoker Onboarding]
@@ -132,11 +139,6 @@ At this documentation you will have all information and related files and exampl
     * body [service security body]
     * Use **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Create Security Context using Provider certificate
-
 **Expected Result**:

  1. Create security context using Provider certificate:
@@ -162,6 +164,13 @@ At this documentation you will have all information and related files and exampl

  * Provider is pre-authorised (has valid apfId from CAPIF Authority) and API Invoker has created a valid Security Context

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Register Provider at CCF
+  3. Create Security Context using Provider certificate
+  4. Retrieve Security Context by Provider
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -175,13 +184,6 @@ At this documentation you will have all information and related files and exampl
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Using **AEF Certificate**

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
-  3. Create Security Context using Provider certificate
-  4. Retrieve Security Context by Provider
-
 **Expected Result**:

  1. Retrieve security context:
@@ -201,6 +203,12 @@ At this documentation you will have all information and related files and exampl

  * Provider is pre-authorised (has valid apfId from CAPIF Authority) and API Invoker has created a valid Security Context

+**Execution Steps**:
+
+  2. Register Provider at CCF
+  3. Create Security Context using Provider certificate
+  4. Retrieve Security Context by Provider of invalid invoker
+
 **Information of Test**:

  1. Perform [Provider Registration]
@@ -209,12 +217,6 @@ At this documentation you will have all information and related files and exampl
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
     * Using **AEF Certificate**.

-**Execution Steps**:
-
-  2. Register Provider at CCF
-  3. Create Security Context using Provider certificate
-  4. Retrieve Security Context by Provider of invalid invoker
-
 **Expected Result**:

  1. Retrieve security context:
@@ -238,6 +240,13 @@ At this documentation you will have all information and related files and exampl

  * API Exposure Function is not pre-authorised (has invalid apfId)

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Store signed Certificate
+  3. Create Security Context
+  4. Retrieve Security Context as Provider.
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -251,13 +260,6 @@ At this documentation you will have all information and related files and exampl
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Using **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Store signed Certificate
-  3. Create Security Context
-  4. Retrieve Security Context as Provider.
-
 **Expected Result**:

  1. Create security context:
@@ -281,6 +283,13 @@ At this documentation you will have all information and related files and exampl

  * Provider is pre-authorised (has valid apfId from CAPIF Authority) and API Invoker has created a valid Security Context

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Register Provider at CCF
+  3. Create Security Context using Provider certificate
+  4. Delete Security Context by Provider
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -298,13 +307,6 @@ At this documentation you will have all information and related files and exampl
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Using **AEF Certificate**

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
-  3. Create Security Context using Provider certificate
-  4. Delete Security Context by Provider
-
 **Expected Result**:

  1. Delete security context:
@@ -331,6 +333,12 @@ At this documentation you will have all information and related files and exampl

  * Provider is pre-authorised (has valid apfId from CAPIF Authority) and API Invoker has created a valid Security Context

+**Execution Steps**:
+
+  1. Register Provider at CCF
+  2. Create Security Context using Provider certificate
+  3. Delete Security Context by Invoker
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -344,12 +352,6 @@ At this documentation you will have all information and related files and exampl
     * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Use **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF
-  2. Create Security Context using Provider certificate
-  3. Delete Security Context by Invoker
-
 **Expected Result**:

  1. Delete security context:
@@ -373,6 +375,11 @@ At this documentation you will have all information and related files and exampl

  * Invoker is pre-authorised.

+**Execution Steps**:
+
+  1. Register Provider at CCF
+  2. Delete Security Context by invoker
+
 **Information of Test**:

  1. Perform [Invoker Onboarding]
@@ -381,11 +388,6 @@ At this documentation you will have all information and related files and exampl
     * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
     * Use **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF
-  2. Delete Security Context by invoker
-
 **Expected Result**:

  1. Delete security context:
@@ -409,6 +411,11 @@ At this documentation you will have all information and related files and exampl

  * Provider is pre-authorised (has valid apfId from CAPIF Authority).

+**Execution Steps**:
+
+  1. Register Provider at CCF
+  2. Delete Security Context by provider
+
 **Information of Test**:

  1. Perform [Provider Registration]
@@ -417,11 +424,6 @@ At this documentation you will have all information and related files and exampl
     * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
     * Use **AEF Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF
-  2. Delete Security Context by provider
-
 **Expected Result**:

  1. Retrieve security context:
@@ -445,6 +447,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Register Provider at CCF
+  3. Create Security Context By Invoker
+  4. Update Security Context By Invoker
+  5. Retrieve Security Context By Provider
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -463,14 +473,6 @@ At this documentation you will have all information and related files and exampl
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Using **AEF Certificate**.

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
-  3. Create Security Context By Invoker
-  4. Update Security Context By Invoker
-  5. Retrieve Security Context By Provider
-
 **Expected Result**:

  1. Update security context:
@@ -496,6 +498,13 @@ At this documentation you will have all information and related files and exampl
  * API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized.
  * Invoker has created the Security Context previously.

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Register Provider at CCF
+  3. Create Security Context
+  4. Update Security Context as Provider
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -510,13 +519,6 @@ At this documentation you will have all information and related files and exampl
     * body [service security body] but with notification destination modified to **http://robot.testing2**
     * Using **AEF Certificate**

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
-  3. Create Security Context
-  4. Update Security Context as Provider
-
 **Expected Result**:

  1. Update security context:
@@ -541,6 +543,11 @@ At this documentation you will have all information and related files and exampl
  * API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized.
  * Invoker has created the Security Context previously.

+**Execution Steps**:
+
+  1. Register Provider at CCF
+  2. Update Security Context as Provider
+
 **Information of Test**:

  1. Perform [Provider Registration]
@@ -550,11 +557,6 @@ At this documentation you will have all information and related files and exampl
     * body [service security body]
     * Using **AEF Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF
-  2. Update Security Context as Provider
-
 **Expected Result**:

  1. Update security context:
@@ -578,6 +580,11 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority)

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Update Security Context
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -587,11 +594,6 @@ At this documentation you will have all information and related files and exampl
     * body [service security body]
     * Using **Invoker Certificate**.

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Update Security Context
-
 **Expected Result**:

 1. Retrieve security context:
@@ -615,6 +617,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Register Provider at CCF
+  3. Create Security Context by Invoker
+  4. Revoke Security Context by Provider
+  5. Retrieve Security Context by Provider
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -633,15 +643,6 @@ At this documentation you will have all information and related files and exampl
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Using **AEF Certificate**.

-
-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
-  3. Create Security Context by Invoker
-  4. Revoke Security Context by Provider
-  5. Retrieve Security Context by Provider
-
 **Expected Result**:

  1. Revoke Authorization:
@@ -668,6 +669,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Register Provider at CCF
+  3. Create Security Context
+  4. Revoke Security Context by invoker
+  5. Retrieve Security Context
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -686,14 +695,6 @@ At this documentation you will have all information and related files and exampl
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Using Provider Certificate

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
-  3. Create Security Context
-  4. Revoke Security Context by invoker
-  5. Retrieve Security Context
-
 **Expected Result**:

  1. Revoke Security Context by invoker:
@@ -722,6 +723,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized

+**Execution Steps**:
+
+  1. Register and onboard Invoker at CCF
+  2. Register Provider at CCF
+  3. Create Security Context
+  4. Revoke Security Context by Provider
+  5. Retrieve Security Context
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -741,14 +750,6 @@ At this documentation you will have all information and related files and exampl
     * This request will ask with parameter to retrieve authenticationInfo and authorizationInfo
     * Using **AEF Certificate**.

-**Execution Steps**:
-
-  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
-  3. Create Security Context
-  4. Revoke Security Context by Provider
-  5. Retrieve Security Context
-
 **Expected Result**:

  1. Revoke Security Context by invoker:
@@ -778,6 +779,14 @@ At this documentation you will have all information and related files and exampl
  * API Invoker is pre-authorised (has valid apiInvokerId)
  * Service API of Provider is published

+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+  2. Register and onboard Invoker at CCF
+  3. Discover Service APIs by Invoker.
+  4. Create Security Context According to Service APIs discovered.
+  5. Request Access Token
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -806,14 +815,6 @@ At this documentation you will have all information and related files and exampl
       * Create Scope properly for request: ***3gpp#{aef_id}:{api_name}***
     * Using **Invoker Certificate**.

-**Execution Steps**:
-
-  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
-  2. Register and onboard Invoker at CCF
-  3. Discover Service APIs by Invoker.
-  4. Create Security Context According to Service APIs discovered.
-  5. Request Access Token
-
 **Expected Result**:

  1. Response to Request of Access Token:
@@ -834,6 +835,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized

+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+  2. Register and onboard Invoker at CCF
+  3. Discover Service APIs by Invoker.
+  4. Create Security Context According to Service APIs discovered.
+  5. Request Access Token by Provider
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -861,14 +870,6 @@ At this documentation you will have all information and related files and exampl
       * ***grant_type=client_credentials***
     * Using **AEF Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
-  2. Register and onboard Invoker at CCF
-  3. Discover Service APIs by Invoker.
-  4. Create Security Context According to Service APIs discovered.
-  5. Request Access Token by Provider
-
 **Expected Result**:

  1. Response to Request of Access Token:
@@ -877,6 +878,7 @@ At this documentation you will have all information and related files and exampl
        * error unauthorized_client
        * error_description=Role not authorized for this API route

+
 ## Test Case 21: Retrieve access token by Provider with invalid apiInvokerId

 **Test ID**:: ***capif_security_api-21***
@@ -889,6 +891,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised and Provider is also authorized

+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+  2. Register and onboard Invoker at CCF
+  3. Discover Service APIs by Invoker.
+  4. Create Security Context According to Service APIs discovered.
+  5. Request Access Token by Provider
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -916,14 +926,6 @@ At this documentation you will have all information and related files and exampl
       * ***grant_type=client_credentials***
     * Using **AEF Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
-  2. Register and onboard Invoker at CCF
-  3. Discover Service APIs by Invoker.
-  4. Create Security Context According to Service APIs discovered.
-  5. Request Access Token by Provider
-
 **Expected Result**:

  1. Response to Request of Access Token:
@@ -945,6 +947,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised (has valid apiInvokerId)

+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+  2. Register and onboard Invoker at CCF
+  3. Discover Service APIs by Invoker.
+  4. Create Security Context According to Service APIs discovered.
+  5. Request Access Token by Invoker
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -968,14 +978,6 @@ At this documentation you will have all information and related files and exampl
       * ***grant_type=client_credentials***
     * Using **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
-  2. Register and onboard Invoker at CCF
-  3. Discover Service APIs by Invoker.
-  4. Create Security Context According to Service APIs discovered.
-  5. Request Access Token by Invoker
-
 **Expected Result**:

  1. Response to Request of Access Token:
@@ -989,6 +991,7 @@ At this documentation you will have all information and related files and exampl

 **NOTE: ProblemDetails29571 is the definition present for this request at swagger of ProblemDetails, and this is different from definition of ProblemDetails across other CAPIF Services**

+
 ## Test Case 23: Retrieve access token with invalid client_id

 **Test ID**:: ***capif_security_api-23***
@@ -1001,6 +1004,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised and Provider is also authorized

+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+  2. Register and onboard Invoker at CCF
+  3. Discover Service APIs by Invoker.
+  4. Create Security Context According to Service APIs discovered.
+  5. Request Access Token by Invoker
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -1029,14 +1040,6 @@ At this documentation you will have all information and related files and exampl
       * **client_id is not-valid** 
     * Using **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
-  2. Register and onboard Invoker at CCF
-  3. Discover Service APIs by Invoker.
-  4. Create Security Context According to Service APIs discovered.
-  5. Request Access Token by Invoker
-
 **Expected Result**:

  1. Response to Request of Access Token:
@@ -1058,6 +1061,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised and Provider is also authorized

+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+  2. Register and onboard Invoker at CCF
+  3. Discover Service APIs by Invoker.
+  4. Create Security Context According to Service APIs discovered.
+  5. Request Access Token by Invoker
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -1085,14 +1096,6 @@ At this documentation you will have all information and related files and exampl
       * ***grant_type=not_valid***
     * Using **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
-  2. Register and onboard Invoker at CCF
-  3. Discover Service APIs by Invoker.
-  4. Create Security Context According to Service APIs discovered.
-  5. Request Access Token by Invoker
-
 **Expected Result**:

  1. Response to Request of Access Token:
@@ -1113,6 +1116,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised and Provider is also authorized

+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+  2. Register and onboard Invoker at CCF
+  3. Discover Service APIs by Invoker.
+  4. Create Security Context According to Service APIs discovered.
+  5. Request Access Token by Invoker
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -1141,14 +1152,6 @@ At this documentation you will have all information and related files and exampl
       * ***scope=not-valid-scope***
     * Using **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
-  2. Register and onboard Invoker at CCF
-  3. Discover Service APIs by Invoker.
-  4. Create Security Context According to Service APIs discovered.
-  5. Request Access Token by Invoker
-
 **Expected Result**:

  1. Response to Request of Access Token:
@@ -1170,6 +1173,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised and Provider is also authorized

+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+  2. Register and onboard Invoker at CCF
+  3. Discover Service APIs by Invoker.
+  4. Create Security Context According to Service APIs discovered.
+  5. Request Access Token by Invoker
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -1198,14 +1209,6 @@ At this documentation you will have all information and related files and exampl
       * ***scope=3gpp#1234:**service_1***
     * Using **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
-  2. Register and onboard Invoker at CCF
-  3. Discover Service APIs by Invoker.
-  4. Create Security Context According to Service APIs discovered.
-  5. Request Access Token by Invoker
-
 **Expected Result**:

  1. Response to Request of Access Token:
@@ -1227,6 +1230,14 @@ At this documentation you will have all information and related files and exampl

  * API Invoker is pre-authorised and Provider is also authorized

+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+  2. Register and onboard Invoker at CCF
+  3. Discover Service APIs by Invoker.
+  4. Create Security Context According to Service APIs discovered.
+  5. Request Access Token by Invoker
+
 **Information of Test**:

  1. Perform [Provider Registration] and [Invoker Onboarding]
@@ -1255,14 +1266,6 @@ At this documentation you will have all information and related files and exampl
       * ***scope=3gpp#{aef_id}:not-valid***
     * Using **Invoker Certificate**

-**Execution Steps**:
-
-  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
-  2. Register and onboard Invoker at CCF
-  3. Discover Service APIs by Invoker.
-  4. Create Security Context According to Service APIs discovered.
-  5. Request Access Token by Invoker
-
 **Expected Result**:

  1. Response to Request of Access Token:
@@ -1273,9 +1276,6 @@ At this documentation you will have all information and related files and exampl


  [Return To All Test Plans]: ../README.md
-
-
-
  [service security body]: ./service_security.json  "Service Security Request"
  [security notification body]: ./security_notification.json  "Security Notification Request"
  [access token req body]: ./access_token_req.json  "Access Token Request"