This is an old revision of the document!
ADUCID provides authentication. It guarantees that PEIG is identified every single time by AIM and also PEIG always recognized particular AIM.
Target application which uses ADUCID authentication needs some key to bind authentication to its own user database. It might use AUDCID UID (User database index), e-mail or any other attribute.
As result a particular PEIG (or more PEIGs in replica) are bound to target application. So that application “knows” which user requests an operation.
This is only technical perspective of authentication. The most important issue for service provider is to know if that PEIG is owned by “right” person – or “proofed” person. This is accomplished by process called Identity proofing.
Thera are several ways how to proof a user. He/she can get to an office, show ID and get proofed. Or he/ she can be visited by person how can verify his / her identity. Or user can fill in a form, send it with a copy of her / his ID.
To proof someone’s identity there has to be some administrator with right to verify and approve users. This administrator has to have role called “registrator” and has to be proofed and verified using personal factor.
ADUCID demonstrates and supports these basic scenarios:
User goes to an office and meets an administrator. Administrator fills in user details, verifies his / her ID. As result he gives / sends him an activation code.
Using this code user can finish the proofing process by providing it to proofing application.
In this scenario user fills in a form and sends it to registration point (scan of ID might be required). Then he/ she goes to the office, administrator verifies this form and approves the user.
As in first scenario a uses comes in an office and meets an administrator. But no activation code is created / sent. Instead user scans a QR code displayed on administrator’s PEIG.
If one AIM contains proofed identities, it can act as identity provider for other AIMs (this scenario must be enabled and supported by both sides).
ADUCID recognizes two proofing levels – with or without personal factor. AIM either support personal factor proofing or not (this decision should be done when AIM is installed).
All proofing methods are bound to this setting
Proofing is supported by ADUCID server methods and adapters. Application developer can use these methods / adapters to approve (proof) user and evaluate proofing status e.g. you can allow login only for proofed users who successfully provide their personal factor.
SDK methods also support proofing form and proofing code.
All identity proofing scenarios are demonstrated in proofing applications. These applications can be installed with ADUCID Server Kit as an option.
ADUCID UserAdmin application shows current proofing status of a particular user.
See Javadoc and Tomcat adapter documentation for details.