# 09.08.2021 Risk Assessment Meeting Notes ###### tags: `risk assessment` ## Agenda System model so far Verification process List of data/attributes for every Use case New developments ### System Model responsible entities: - not sure, who takes on responsibility for systems - risk delegated to service providers - no damages can be determined yet data: goes over process/workflow boundaries - PIN eID Card - eID Card data - tcTokenURL - redirectURL - eID Authentication data - eID Athentication Code #### Hotel use case as an example? unclear if webservice or device that scans identity might be used ### Verification Process Use phase - Identify and Authenticate - DIDCom authcrypt based to identitfy peer - CBase credentials within the message, or both for MFA - Authorize - verifiable credential based, varies with issuer, use case related #### Diagrams to be provided by jolocom ### List of data/attributes for every Use case who takes on legal responsibility?