...
C_CHECK_ELIGIBILITY (optional, may require C_USE_EXISTING_FACTOR)Even if it was performed during the initiation, the applicant situation may change in the meantime; may depend on prior C_USE_EXISTING_FACTOR or V_PRESENT_PROOF, or on the identifying information verbally provided by the applicant (this is more humane than starting with V_PRESENT_PROOF right awayaaway).
V_PRESENT_PROOF applicant presents a proof of identity, typically a sanctioned type of picture ID doc with demographic and biometric data
(V_CREATE_DIGITAL_IDENTITY only if the applicant does not already possess IdP identity (weak or 1st factor identity). This is optional and often prohibited or or discouraged and avoided except for those in need of assistance or VIP individuals, done before V_VET_APPLICANT_IDENTITY in order to allow parallelism at the service desk; should be undo-able if V_VET_APPLICANT_IDENTITY fails. This includes check of the alignment with the enforced policies, informing of the applicant about the rules associated with this factor, creation of the username and the password, and providng providing the applicant with them)
C_SELECT_FACTOR defined DEFINED IN C d at C quite unlikely but may offer some flexibility by modifying the original choice made during the initiation
...
C: Commons
#short description
C_USE_EXISTING_FACTOR Authenticate Existing Factor → TODO: C_LOGIN?
The applicant authenticates with his/her exisiting factor(s). Username/password login is typically the first existing factor that is readily available.
...
Output: factor request
-??
C_USESELECT_NEW_FACTOR Use Introduced Factor
The applicant selects the type Usage of the introduced factor may serve multiple purposes at different stages.
E.g. Use introduced factor to test functioning, to prove knowledge/possession/inheritance/... or to make sure factors match.
Input:
Output:
C_CHECK_ELIGIBILITY Check Eligibility of Applicant
Check if the applicant is eligible to request an additional factor. For example, if there are some policy or contractual restrictions. is the applicant associated with participating organisation and eligible for the offered delivery of the additional physical factor such as token.
Done by manual or automated check a directory, federated identity, or examination of a written institutional certificate.
Input: applicant's identifying information
Output: decision: eligible (yes/no)
C_SELECT_FACTOR
The applicant selects the type of the new factor to be introduced, if there are several options. The offered options may depend of the place of the use, for example a wider set of options may be available during initiation than with a particular vetting the user was directed to at the initiation phase.
There may be different factor (types), e.g. something you know/have/are, the applicant can choose from as well as multiple realization options/products per factor (e.g. Yubikey, Google Authenticator) AKA authenticators.
Input: List of possible factors/authenticators
Output: factor selected/assigned and known/(or) in possession/... by the applicant
Input:
Output:
new factor to be introduced, if there are several options. The offered options may depend of the place of the use, for example a wider set of options may be available during initiation than with a particular vetting the user was directed to at the initiation phase.
There may be different factor (types), e.g. something you know/have/are, the applicant can choose from as well as multiple realization options/products per factor (e.g. Yubikey, Google Authenticator) AKA authenticators.
Input: List of possible factors/authenticators
Output: factor selected/assigned and known/(or) in possession/... by the applicant
Input:
Output:
C_USE_NEW_FACTOR Use Introduced Factor
Usage of the introduced factor may serve multiple purposes at different stages.
E.g. Use introduced factor to test functioning, to prove knowledge/possession/inheritance/... or to make sure factors match.
Input:
Output:
C_CHECK_ELIGIBILITY Check Eligibility of Applicant
Check if the applicant is eligible to request an additional factor. For example, if there are some policy or contractual restrictions. is the applicant associated with participating organisation and eligible for the offered delivery of the additional physical factor such as token.
Done by manual or automated check a directory, federated identity, or examination of a written institutional certificate.
Input: applicant's identifying information
Output: decision: eligible (yes/no)
I: Application and Initiation
...
Optional, if there are several options for factors that may ve offeret be offered at he start. may affect the options to be used during the vetting phase.
...
Capture and verify information about a user for identification.
(Optional) V_SCHEDULE Identification session arrangement and scheduling
Schedule an identification session in order to identify the user.
Optional action. Real-time interaction may not be required.
Input:
Output: identity vetting appointment
Effect on LoA: not applicable
V_PROOF???
Compare the claimed identity (information) which is transmitted by the user or system with user's identity proof (e.g. ID doc, activation code).
...