...
U_ELIGIBILITY_CHECK
U_INTRODUCE_FACTOR/U_PREREGISTER_TOKEN if the user possesses (or is expected to possess) a token at the time of registration; could alternatively be done during vetting (token preregistration)
U_CREATE_VETTING_CODE (typically for later token activation, but could also be used to identify the user registration at the start of vetting)
...
V_CHECK_ELIGIBILITY optional, if U_ELIGIBILITY_CHECK was not performed, or if it was not sufficient; may include check/examination of a directory, federated identity, or written institutional certificate
V_VET_USER_IDENTITY
...
PRESENT_PROOF typically picture ID doc with demographic and biometric data
V_CREATE_DIGITAL_IDENTITY optional, only if the user does not already possess IdP identity, done before V_VET_USER_IDENTITY in order to allow parallelism at the service desk; should be undo-able if V_VET_USER_IDENTITY fails. Includes creation of the username and the password and check of their alignment with the enforced policies
V_HAND_OVER_TOKEN optional, if the token is provided by the service desk
V_VET_USER_IDENTITY detailed check of ID validity and match with the person
V_VET_PROOF read and inspect the ID doc, compare the user name with the vetting request, check ID security features, optionally electronically read the ID doc, optionally externally check doc validity, compare photo/biometrics match with the person
V_CHECK_LIVENESS optional, in case of online identity vetting; otherwise implied by V_VET_PROOF conducted with the user
V_RECORD_PROOF_AUDIT_DATA optional, typically by recording the last digits of the ID doc number (avoid recording excess personal data, photos of the person or ID doc)
V_USE_TOKEN if HAND_OVER_TOKEN, done by the user in parallel with V_VET_USER_IDENTITY
V_PASSWORD_AUTHENTICATION like U_PASSWORD_AUTHENTICATION
V_REGISTER_TOKEN like U_INTRODUCE_FACTOR; could be standalone even without V_HAND_OVER_TOKEN, but unnecessary with U_INTRODUCE_FACTOR/U_PREREGISTER_TOKEN and V_USE_VETTING_CODE; the used token will later be bound to the digital identity
V_VET_RECORD if both V_VET_USER_IDENTITY and V_USE_TOKEN (if HAND_OVER_TOKEN) were successful, otherwise reverse V_CREATE_DIGITAL_IDENTITY
B_BIND I would move F_SELECTION DEFINED and F_AUTHENTICATION earlier
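The V_VET_RECORD decision and the data minimisation in V_RECORD_PROOF_AUDIT_DATA, as an added sketch that is not part of the original document. The class, function names, return labels and the choice of four retained digits are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class VettingSession:
    """One service-desk vetting session (hypothetical model, not from the page)."""
    username: str
    identity_created: bool = False   # V_CREATE_DIGITAL_IDENTITY ran in this session
    token_handed_over: bool = False  # V_HAND_OVER_TOKEN ran in this session
    audit: dict = field(default_factory=dict)

def record_proof_audit_data(id_doc_number: str, keep: int = 4) -> str:
    """V_RECORD_PROOF_AUDIT_DATA: retain only the last digits of the ID doc number.
    keep=4 is an assumption; the page does not say how many digits."""
    digits = [c for c in id_doc_number if c.isdigit()]
    return "".join(digits[-keep:]) if keep > 0 else ""

def vet_record(s: VettingSession, identity_vetted: bool, token_used: bool,
               id_doc_number: str) -> str:
    """V_VET_RECORD: commit only if V_VET_USER_IDENTITY succeeded and, when a
    token was handed over, V_USE_TOKEN succeeded as well."""
    token_ok = token_used or not s.token_handed_over
    if identity_vetted and token_ok:
        s.audit = {"username": s.username,
                   "id_doc_tail": record_proof_audit_data(id_doc_number)}
        return "RECORDED"
    # Failure: reverse V_CREATE_DIGITAL_IDENTITY, but only if this session
    # created the identity; a pre-existing IdP identity must be left untouched.
    if s.identity_created:
        s.identity_created = False
        return "ROLLED_BACK"
    return "REJECTED"

if __name__ == "__main__":
    # Constructed sample sessions; usernames and document numbers are made up.
    cases = [
        (VettingSession("alice", True, True), True, True),
        (VettingSession("bob", True, True), True, False),
        (VettingSession("carol", False, False), False, False),
    ]
    for s, vetted, used in cases:
        print(s.username, vet_record(s, vetted, used, "AB 123-4567"), s.audit)
```

The third case shows why the rollback is conditional: a user who arrived with an existing IdP identity fails vetting without that identity being removed.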
---
*F Factor Initiation?/(pre-)registration?
...
It may also be used to (cross-) check second/third/... factor knowledge/possession/inheritance/...
Input:
Output:
REFERENCED FROM: B
I Identity Vetting
...
Example1: Show ID document beside the head to prove ID document and holder match.
Example2: Upload ID document and real-time recorded selfie.
Input: any means to show liveness
...
Establishment of a binding between the digital identity of the user and factor
(Optional) F_SELECTION DEFINED AT: F
Selection of a particular factor/authenticator may take place during or after identity vetting.
...