Application Flows
The basic login sequence that dictates which flow the users enters automatically based on the available data.
The flow that allows the user to start the Second Factor registration process.
This flow illustrates the steps to be taken when the user is shown the Second Factor overview page and opts to revoke a token
This is the procedure the Registration Authority must follow in order to complete the registration of a second factor.
The Registration Code is deemed valid if it is attached to a Second Factor that has been created by the registrant, which is linked with a verified email address. Furthermore the Second Factor may not have been already registered (a Second Factor cannot be registered twice).
The Proof of Possession is given by performing a challenge-response cycle for the Second Factor on the spot. This means that for SMS-tokens the RA will trigger the sending of an OTP to the registered phone number, for Tiqr the RA will initiate a SAML request in a new window and for Yubikey the Registrant will have to enter the Yubikey-OTP. If the response is valid, the proof of possession has been given.
The identity is verified when the Registration Authority has verified the valid Identity Document (passport, EU drivers license...) with the physical presence of the registrant and enter the document type and (partial) document number.
