--- Structure based on Flow: SURFnet 4.8-9 Registration Desk (Self-service token registration) and Flow: SURFnet 4.4 Mobile Application with Optical Scan + NFC +Selfie, to be combined with Jule's detailed structure below...

U_REGISTER/INITIATE I Initiate (U - is User the word? Candidate?? Or I=INITIATE R=REQUEST/REGISTER)

...

Applicant) optional

?_?? (optional)

V_AUTHENTICATE

U_ELIGIBILITY_CHECK

sending the token

U_INTRODUCE_FACTOR/U_PREREGISTER_TOKEN (optional, if the user possesses, or is expected to possess, a token at the time of registration; could alternatively be done during vetting (token preregistration))

U_CREATE_VETTING_CODE (typically for later token activation, but could also serve to identify the user registration at the start of vetting)

U_COMMUNICATE/ARRANGE_VETTING_SPECIFICS (optional, only if the e-mail is used for scheduling, appointment, activation code communication or other relevant interaction, so that this can be piggybacked onto it)

U_GET_EMAIL_ADDRESS (if e-mail is used, from IdP account data or user)

U_SCHEDULE_VETTING (optional, only if the load at the service desk requires this)

U_SEND/COMMUNICATE_VETTING_INTRO_MESSAGE (INFO with token activation or QR code, e-mail validation link, instructions, application link, service desk contacts or address and appointment details, or whatever else is needed)

U_VALIDATE/BIND_EMAIL (optional, if a valid e-mail address is not already assured/guaranteed and accessible from the IdP data upon password login)

V_VET Do the vetting

V_NEGOTIATE/INITIATE (optional, related to U_SCHEDULE_VETTING)

...

V_CHECK_ELIGIBILITY (optional, if U_ELIGIBILITY_CHECK was not performed, or if it was not sufficient; may include V_AUTHENTICATE, a check/examination of a directory, a federated identity, or a written institutional certificate)

V_PRESENT_PROOF the applicant presents a proof of identity, typically a picture ID document with demographic and biometric data

(V_CREATE_DIGITAL_IDENTITY optional, only if the user does not already possess IdP identity (weak or 1st factor identity), done before V_VET_USER_IDENTITY in order to allow parallelism at the service desk; should be undo-able if V_VET_USER_IDENTITY fails. Includes creation of the username and the password and check of their alignment with the enforced policies)

V_SELECT_FACTOR

V_HAND_OVER_FACTOR (optional, if the token is provided by the service desk)

V_VET_USER_IDENTITY detailed check of the validity of the ID document and of its match with the person presenting it

...