Example
Example scenario
Consider that the eco-system provides the base use case of a ‘strong digital identity’. It would thus provide the following high-level scenario.
Scenario Name: Preliminary use for IdEF
Scenario Description: In this scenario, a preliminary use for a digital identity is captured – that of obtaining a digital identity from an IdP and using it to create an account at an RP. Additionally, it is imagined that for the IdP and RP to work together, they need to be part of a ‘trust framework’, and that the IdP and RP have as yet unidentified interactions with ‘the’/’a’ trust framework provider.
Corresponds to: None
From the above figure, following are the interactions
A. User registers for a digital identity
B. User gets a credential associated with the identity
C. User opens an account with a relying party using the above identity
D. User logs back into the same account at the relying party using the same identity
X. Identity Provider 'gets into the Trust Framework'
Y. Relying Party 'gets into the same Trust Framework'
Interaction Details
More detailed description for the interactions are
A. User registers for a digital identity
Parties involved: User, IdP Direction of the interaction: User goes to IdP (web site) Data: TBD (What does the user give to IdP in order to be able to register?) Sub-scenario: none
Security Considerations
Privacy Considerations
Standards Considerations
UX Considerations
Policy Considerations
B. User gets a credential associated with the identity
Parties involved: User, IdP Direction of the interaction: User goes to IdP (web site) Data: TBD (What does the user give to IdP in order to be able to associate a credential to a particular identity?) Sub-scenario: none
Security Considerations
Privacy Considerations
Standards Considerations
UX Considerations
Policy Considerations
C. User opens an account with a relying party using the above identity
Parties involved: User, RP Direction of the interaction: User goes to RP (web site) Data: N/A Sub-scenario: Example Login Scenario
Security Considerations
Privacy Considerations
Standards Considerations
UX Considerations
Policy Considerations
D. User logs back into the same account at the relying party using the same identity
Parties involved: User, RP Direction of the interaction: User goes to RP (web site) Data: N/A Sub-scenario: Example Login Scenario
Security Considerations
Privacy Considerations
Standards Considerations
UX Considerations
Policy Considerations
X. Identity Provider 'gets into the Trust Framework'
Parties involved: IdP, TFP Direction of the interaction: IdP approaches TFP Data: TBD Sub-scenario: Example Service Provider Enrolling into TFP
Security Considerations
Privacy Considerations
Standards Considerations
UX Considerations
Policy Considerations
Y. Relying Party 'gets into the same Trust Framework'
Parties involved: RP, TFP Direction of the interaction: RP approaches TFP Data: TBD Sub-scenario: Example Service Provider Enrolling into TFP