DragonBe · August 16, 2021 07:03 · Aug 5, 2021 · Aug 5, 2021
diff --git a/auth-standard-requirements.md b/auth-standard-requirements.md
@@ -43,7 +43,7 @@ To tackle the common application pattern for authenticating, registering, resett
 ### Deactivation of an account
 
 1. User provides a username
-2. Message informs user that if account is known, an email or a text message will be sent with instructions to reset their account (for both valid and invalid accounts)
+2. Message informs user that if account is known, an email or a text message will be sent with instructions to deactivate their account (for both valid and invalid accounts)
 3. The code has to be entered or the link in the email has to be followed
 4. The user has to explicitly confirm again to deactivate or remove the account
 5. Deactivation process is completed

diff --git a/auth-standard-requirements.md b/auth-standard-requirements.md
@@ -0,0 +1,50 @@
+# Auth Stnadard Requirements
+
+## Problem statement
+To tackle the common application pattern for authenticating, registering, resetting credentials, verifying, and unregistering from an application, the common patterns exists but many implementations make it hard to use the best solutions of different frameworks. While almost each application has this requirement, no standard has been defined.
+
+## Possible reasons why it's difficult
+
+- Too many backend solutions for storing and updating credentials (DB, LDAP/AD, API, SSO, SAML, …)
+- Added complexity when authorisation is required
+- Added complexity when MFA is required
+- Frameworks provide their own tools for integration, but are not interchangeable
+
+## Common components used
+
+- a username: can take the form of a number, a string of characters, an email address
+- a password or passphrase: random characters known only to the user (if generated randomly)
+- an email address or phone number: for validation purposes
+
+## Common scenarios used
+
+### Registration of a new user
+
+1. Registers for an account with username, password, password validation, some personal details, and an email address or phone number for validation purposes
+2. Receives a confirmation email or text message with a verification code or link
+3. Enters the validation code or clicks the validation link
+4. Registration process is completed
+
+### Authentication of an existing user
+
+1. Signs in with known username and password/passphrase
+2. If successful, authentication is completed
+3. If unsuccessful, login screen is returned with an error message
+4. Authentication process is completed
+
+### Reset of an account
+
+1. User provides username
+2. Message informs user that if account is known, an email or a text message will be sent with instructions to reset their account (for both valid and invalid accounts)
+3. The code has to be entered or the link in the mail has to be followed
+4. The user provides a new password/passphrase (with second credential field for validation)
+5. Reset process is completed
+
+### Deactivation of an account
+
+1. User provides a username
+2. Message informs user that if account is known, an email or a text message will be sent with instructions to reset their account (for both valid and invalid accounts)
+3. The code has to be entered or the link in the email has to be followed
+4. The user has to explicitly confirm again to deactivate or remove the account
+5. Deactivation process is completed
+