diff --git a/Views/Home/Index.cshtml b/Views/Home/Index.cshtml index c3cb6c5..9c3d3da 100644 --- a/Views/Home/Index.cshtml +++ b/Views/Home/Index.cshtml @@ -1,20 +1,241 @@ @{ var claims = ViewBag.Claims as List; - var token = ViewBag.Token; - } + var token = ViewBag.Token; + ViewData["Title"] = "Agency Self Service Demo"; +} - @if (ViewBag.Claims != null) -{ -

You are authenticated

- @token +
+ +
+
+
+

Agency Self Service Demo

+

This demonstration showcases how an agency might implement secure identity + verification and account management using ID.me's digital identity network integrated using OIDC and + ASP.NET.

+

In this demo, we simulate the use of ID.me for both Authentication Assurance Level + 2 (AAL2) and Identity Assurance Level 2 (IAL2):

+
    +
  • AAL2 Authentication: High confidence that the user + controls an authenticator bound to the subscriber's account. It requires either multi-factor + authentication or two single-factor authenticators.
    • +
  • IAL2 Verification: High confidence in the asserted + identity’s validity. Involves rigorous identity proofing processes like government-issued ID and + biometric comparison.
    • +
+

Note: While this demo doesn't perform actual verifications, these measures ensure a high + level of security and identity assurance for accessing sensitive information or performing critical + transactions.

+
+
+
-} -else{ -

You are not authenticated

- - - Sign in - + +
+
+
+

Authenticate

+
+
-} - \ No newline at end of file + @if (ViewBag.Claims == null) + { +
+ + Sign in + +
+ } + else + { +
+ @if (ViewBag.Claims == null) + { +
+ + Sign in + +
+ } + else + { +
You are authenticated
+ +
Received payload from ID.me:
+
+ + + + + + + + + @foreach (var claim in ViewBag.Claims) + { + + + + + } + +
Claim TypeClaim Value
@claim.Type@claim.Value
+
+ } +
+ + } +
+
+
+ + +
+
+ +
+

+ +

+
+
+

ID.me is a digital identity network that helps people prove their identity online, similar to + a physical ID card but for the internet.

+
    +
  • Secure identity verification to access sensitive information and perform important + transactions
    • +
  • Portability across government agencies and private sector services
    • +
  • Compliance with federal identity, credential, and access management (ICAM) standards +
    • +
  • Protection of personal information through encryption and secure data practices
    • +
+
+
+
+ +
+

+ +

+
+
+

ID.me follows guidelines set by the National Institute of Standards and Technology (NIST) for + identity verification, specifically adhering to Identity Assurance Level 2 (IAL2) as defined + in NIST Special Publication 800-63A. IAL2 provides high confidence in the asserted + identity's validity. Key aspects of IAL2 include:

+
    +
  • Remote or in-person identity proofing
    • +
  • Verification of government-issued photo ID
    • +
  • Confirmation that identifying information is valid and current
    • +
  • Verification of physical or biometric characteristics to the applicant's physical + presence
    • +
+

The ID.me verification process typically involves the following steps:

+
    +
  1. Create an ID.me account or sign in to an existing one.
    2. +
  2. Set up multi-factor authentication for added security.
    3. + +
  3. Upload images of your government-issued photo ID (e.g., driver's license or passport). +
    4. +
  4. Take a selfie for biometric verification, ensuring it matches the photo on your ID.
    5. +
  5. Provide additional information for verification checks, such as SSN. +
    6. +
+

Note: This demo is for simulation purposes only. Please use fictitious data + for verification.

+
+
+
+ +
+

+ +

+
+
+

If you tried verifying your identity using Self-Service and weren't successful, you may have + the option to finish verifying on a video call with a Video Chat Agent. Video Chat Agents, + or Trusted Referees, are trained identity specialists employed by ID.me to verify your + identity.

+

The video chat verification process typically involves:

+
    +
  1. Preparing necessary documents (e.g., government-issued ID, proof of address).
    2. +
  2. Joining the video call at the scheduled time.
    3. +
  3. Answering questions and showing your documents to the Trusted Referee.
    4. +
  4. Completing any additional steps as guided by the Trusted Referee.
    5. +
+

This option ensures that even if the automated online process doesn't work for you, you still + have a way to verify your identity and access the services you need.

+

ID.me supports over 200+ languages for our video chat verification option, ensuring equity of + access.

+
+
+
+ +
+

+ +

+
+
+

This application integrates with ID.me using OpenID Connect (OIDC), a secure authentication + protocol built on top of OAuth 2.0.

+
    +
  1. When you click the "Sign in with ID.me" button, the application initiates an OIDC flow. +
    2. +
  2. You're redirected to ID.me to authenticate and verify your identity.
    3. +
  3. After successful verification, ID.me sends an authorization code back to this + application.
    4. +
  4. The application exchanges this code for ID tokens and access tokens.
    5. +
  5. These tokens contain claims about your identity, which the application can use to grant + access to protected resources.
    6. +
+

Important Security Note: In production, tokens would be sent as JWEs (JSON + Web Encryption) to protect sensitive identity information. This adds an extra layer of + protection.

+
+
+
+
+
+ + +
+
+
+
For more information:
+ +
+
+
+
diff --git a/Views/Shared/_Layout.cshtml b/Views/Shared/_Layout.cshtml index 0b59b3f..bfdca9f 100644 --- a/Views/Shared/_Layout.cshtml +++ b/Views/Shared/_Layout.cshtml @@ -5,21 +5,12 @@ @ViewData["Title"] + + - - - - - - - - @@ -27,17 +18,14 @@