E11: Blacklist & Security¶
Overview¶
Bounded Context / Service: Blacklist Service, Admin Portal
Goal: Manage banned individuals and enforce purchase restrictions based on legal requirements.
Priority: High
Primary User Roles¶
- Security Admin (BLACKADMIN role)
Scope¶
In-Scope¶
- CSV bulk import with OIB validation
- Pre-match blacklist refresh workflow (clear all, import fresh)
- CRUD operations for individual entries
- Real-time blacklist check during purchase
- Violation monitoring (blocked purchase attempts report)
- Automatic ticket cancellation on blacklist entry
- Buyer vs ticket holder cancellation rules
- No refund for blacklisted individuals
- MUP referral messaging
Out-of-Scope¶
- Automatic integration with MUP database
- Facial recognition at gates
Features¶
| ID | Feature | Size | Description |
|---|---|---|---|
| E11-F1 | Blacklist Data Model | S | Database schema for blacklist |
| E11-F2 | Blacklist CSV Import | S | Bulk import from CSV |
| E11-F3 | Blacklist Check Service | S | Real-time validation API |
| E11-F4 | Auto-Cancel Tickets on Blacklist Entry | M | Cancel existing tickets |
| E11-F5 | Violation Monitoring Report | S | Blocked attempts tracking |
Dependencies¶
- Ticket service for automatic cancellation
- Notification service for alerts
Risks & Open Questions¶
MUP Contact Information
What MUP (Ministry of Interior) contact information should appear in error messages?
Data Retention
What is the data retention policy for blacklist entries?
Related Documentation¶
Last Updated: January 2026