...
| Activity | Subactivity | Subsubactivity | mandatory/optional? | Increases/Decreases LoA | ||
|---|---|---|---|---|---|---|
| 1) 2FA token request | 1.1) User provides user info | mandatory | ||||
| 2) 2FA (pre-)registration | 2.1) User selects 2FA token | optional | ||||
| 2.2) User performs authentication with that token to prove possession | optional | |||||
| 3) Identification | 3.1) Eligibility check of user | optional | ||||
| 3.2) Vet identity of user | ||||||
| 3.2.1) Compare claimed/transmitted/spoken information with user's identity proof (e.g. ID doc, activation code) | mandatory | |||||
| 3.2.2) Check user's identity proof with it's original source for validity | optional | ↓ | ||||
| 3.2.3) Record identity proof | ||||||
| 4) Token binding | 4.1) User chooses own token or handover of token to usruser | optional when activity 2 took place | ||||
4.2) Bind token to digital ID | mandatory | ↓ | 4.3) Token activation, precondition: successful 3.2.1) | |||
| 4.23) Token-proof of-possession (e.g. test authentication) | optional | |||||
| 4.4) Token activation | ||||||
| 4.5) Inform user |