This is an old revision of the document!
Return to User Scenario: Identity
Nancy is a USA citizen and plans a month-long European vacation with 4 major legs all within the Schengen Agreement Zone1).
Many companies have adopted Multifactor Authentication (MFA) to help avoid fraudulent acitivies.
Nancy needs to identify herself while planning for the trip and during the trip, potentially exposing a lot of Personal Identifiable Information (PII), Digital Signature as well as financial information (i.e., Credit Cards, Debit Cards, etc.) to numerous people in numerous countries from the beginning to the end. In addition to the exposure of her PII to the corporations, businesses, and individuals that she has direct business with, she also has to worry about her PII being processed by partner organizations working with businesses she is working with. As a result of poor Data Residency requirements, her PII might be processed and stored across the world thus limiting her ability for recourse if there are compromises. See 4.3.4.1 Confidentiality.
An overview of the trip is: