User verification and user enrollment
Access to the private key of the user is required during the following FIDO UAF operations:
- FIDO Registration
- FIDO Authentication
- FIDO Transaction Confirmation
Every time that access to the private key is required, the user must be verified. User verification is therefore a mandatory step in the above operations.
Performing user verification is one of the main tasks of a FIDO UAF authenticator. An authenticator can only verify a user if the user has previously set up the authenticator locally. This local setup process is called user enrollment. User enrollment is not specified by the FIDO Alliance, but it is a prerequisite for user verification.
The following figure shows the user verification flow:
The FIDO UAF Authenticators section provides more information on how the different authenticators handle user verification and user enrollment, and how they can be configured.
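The rule described above (enrollment first, then a fresh user verification on every key access), as an added Python example that is not FIDO Alliance or product code. The class and method names are hypothetical, a PIN is assumed as the verification method, and an HMAC stands in for the asymmetric signature a real authenticator produces.

```python
# Added illustration; all names are hypothetical and the PIN method is an assumption.
import hashlib
import hmac
import secrets


class NotEnrolled(Exception):
    """The user has not set up the authenticator locally."""


class VerificationFailed(Exception):
    """The presented credential does not match the enrolled one."""


class ToyAuthenticator:
    """Models only the gate in front of the key, not the UAF wire protocol."""

    OPERATIONS = ("registration", "authentication", "transaction_confirmation")

    def __init__(self):
        self._enrolled = None                # (salt, PIN digest), set by enroll()
        self._key = secrets.token_bytes(32)  # stand-in for the user's private key

    def _digest(self, salt, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, pin):
        # Local setup step: outside the FIDO specifications, but a prerequisite.
        salt = secrets.token_bytes(16)
        self._enrolled = (salt, self._digest(salt, pin))

    def _verify_user(self, pin):
        if self._enrolled is None:
            raise NotEnrolled("enroll before using the authenticator")
        salt, expected = self._enrolled
        if not hmac.compare_digest(self._digest(salt, pin), expected):
            raise VerificationFailed("user verification failed")

    def use_key(self, operation, challenge, pin):
        # Verification runs on every call; no result is cached between operations.
        if operation not in self.OPERATIONS:
            raise ValueError(f"unknown operation: {operation}")
        self._verify_user(pin)
        # HMAC stands in for the asymmetric signature a real authenticator makes.
        message = operation.encode() + b"|" + challenge
        return hmac.new(self._key, message, hashlib.sha256).digest()
```
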