PID Deletion
This flow describes the PID deletion process.
Design Decision
The PID deletion is triggered either because the user specifically wants to delete their PID or all of the WI's data, or because the user blocked or forgot their RWSCA-PIN. In both cases, the UI shall clearly communicate the consequences:
- the PID credential is deleted
- the user has to set up a new RWSCA-PIN
- the user has to get the PID re-issued, e.g. using the eID Card, before any identification using the PID
As the user may have forgotten their RWSCA-PIN, the delete operation of the Remote WSCA does not require the user's knowledge factor, but only the WI's possession factor as established during Remote WSCA registration. To prevent denial of service by attackers holding an unlocked phone, the WI requires the user to authenticate using the platform authenticator.
The WI then first deletes the data at the Remote WSCA using the Delete Account operation and only afterwards deletes all local data in the WI.
Data Flow
This section describes the data flow of the PID deletion in a sequence diagram and a more detailed table. Artifacts in italics are further explained in the data register chapter.
Sequence Diagram
Detailed Description
| No | Description |
|---|---|
| 001 | The user clicks/triggers to delete their PID. The UI should communicate to the user the impact and consequences of this operation. |
| 002 | The user is requested to authenticate with the platform authenticator to consent to delete the PID. |
| 003 - 005 | The WI requests the Remote WSCA Delete Account operation, authenticating only with the possession factor that was established during the Create Account operation. The Remote WSCA deletes all data related to the account rwsca_account_id from its RWSCA Account Database, including the two-factor authentication public keys and the RWSCA-PIN retry counter. The Remote WSCA responds and acknowledges the deletion of the account. |
| 006 | The WI deletes all data related to the PID and the RWSCA account; this includes: |
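The flow above, as an added simulation that is not part of this specification or its implementation: the platform authenticator gates the request (step 002), the Remote WSCA checks only the possession factor before wiping the account record including the retry counter (steps 003-005), and the WI wipes local data only after the remote deletion succeeded (step 006). The possession factor is simplified to an HMAC key shared at Create Account instead of the design's public keys, and the `platform_authenticate` hook, the challenge round trip and the account record are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class RwscaAccount:
    """Constructed stand-in for one RWSCA Account Database record."""
    possession_key: bytes            # established during Create Account (simplified to an HMAC key)
    pin_retry_counter: int = 0       # deleted together with the account, so a new PIN starts fresh
    pending_challenge: Optional[bytes] = None


class RemoteWsca:
    def __init__(self) -> None:
        self.accounts: dict = {}

    def create_account(self, account_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self.accounts[account_id] = RwscaAccount(possession_key=key)
        return key

    def challenge(self, account_id: str) -> Optional[bytes]:
        acct = self.accounts.get(account_id)
        if acct is None:
            return None
        acct.pending_challenge = secrets.token_bytes(16)   # assumed anti-replay challenge
        return acct.pending_challenge

    def delete_account(self, account_id: str, proof: bytes) -> bool:
        # Steps 003-005: only the possession factor is verified; the RWSCA-PIN is never asked for.
        acct = self.accounts.get(account_id)
        if acct is None or acct.pending_challenge is None:
            return False
        expected = hmac.new(acct.possession_key, b"delete-account" + acct.pending_challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return False
        del self.accounts[account_id]   # removes keys and the PIN retry counter in one step
        return True


class WalletInstance:
    def __init__(self, rwsca, account_id, possession_key, platform_authenticate):
        self.rwsca, self.account_id, self.possession_key = rwsca, account_id, possession_key
        self.platform_authenticate = platform_authenticate   # hypothetical hook for the OS authenticator
        self.local_data = {"pid_credential": "<constructed PID>", "rwsca_account_id": account_id}

    def delete_pid(self) -> str:
        if not self.platform_authenticate():          # step 002: stops anyone merely holding an unlocked phone
            return "aborted: platform authentication failed"
        chal = self.rwsca.challenge(self.account_id)
        if chal is None:
            return "aborted: remote account unknown, local data kept"
        proof = hmac.new(self.possession_key, b"delete-account" + chal, hashlib.sha256).digest()
        if not self.rwsca.delete_account(self.account_id, proof):
            return "aborted: remote deletion failed, local data kept"   # remote first, local only afterwards
        self.local_data.clear()                       # step 006
        return "deleted"
```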