Versions Compared

Old Version 54

changes.mady.by.user Jule Ziegler

Saved on

compared with

New Version 55

changes.mady.by.user Jule Ziegler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Verify, resume, and potentially update the context established during the initiation, or do the work that shouls have been in it. For example, if the applicant is allowed to come to a service desk, the ceky key elements of the initiation still must be performed, such as C_CHECK_ELIGIBILITY and C_SELECT_NEW_FACTOR, while those that only relevant with

V_CONFIRM_AVAILABILITY The vetting can be rejected if the service desk operator or front or back-end services are not available

...

(V_CREATE_DIGITAL_IDENTITY only if the applicant does not already possess IdP identity (weak or 1st factor identity). This is optional and often prohibited or or discouraged and avoided except for those in need of assistance or VIP individuals, done before V_VET_APPLICANT_IDENTITY in order to allow parallelism at the service desk; should be undo-able if V_VET_APPLICANT_IDENTITY fails. This includes check of the alignment with the enforced policies, informing of the applicant about the rules associated with this factor, creation of the username and the password,  and providing the applicant with them)

C_SELECT_NEW_FACTOR DEFINED IN C d at C quite unlikely but may offer some flexibility by modifying the original choice made during the initiation

...

  • 8.2.1 Credential creation
    • 8.2.1.1 Credential pre-processing
    • 8.2.1.2 Credential initialization
    • 8.2.1.3 Credential binding
  • 8.2.2 Credential issuance
  • 8.2.3 Credential activation
  • 8.2.7 Record-keeping do we need a "record"-activity for the binding/activiation process?

The used names and descriptions aim to be mapable to those processes and be terminologically compatible with ITU-T X.1254 and its definitions of terms. An additional specifics in relation the above listed processes is that we focus on authentication factors (something that is possessed, known or inherent), as opposed to of credentials (data sets that could be presented). The subject entities are referred to as applicants, who are the physical persons whose identity is to be authenticated.

...