...
Annie Applicant wants to use an application service. The application service requires a CommIT account for authentication. She has never created a CommIT account anywhere else. She may or may not have local participant accounts elsewhere. She is given the option of logging in with her CommIT credentials or creating CommIT credentials. Since she does not believe she has CommIT credentials, she chooses to create an CommIT account, and clicks on the "new account" button. She is redirected to the CommIT IdP to create her account. She provides her name and other optional attributes about herself to CommIT, which are used only internally by CommIT for password reset and records matching to reduce duplicates. CommIT sends back an assertion that includes the attributes she has already provided as well as information about how the authentication occurred and her unique identifier. At the application service she enters additional information about herself to be stored at the participant's IdP.
...
Annie Applicant wants to use an application service. The application service requires a CommIT account for authentication. Annie recognizes that she has a CommIT account, and clicks on log in button. She's directed back to the CommIT IdP to authenticate. After successfully authenticating, CommIT sends back an assertion describing that includes information about how the authentication , the verification level associated with her account, her CommIT identifier, and optionally a set of attributesoccurred and her unique identifier. If Annie's attributes are already stored at the application service, they are loaded into a local representation of Annie. If Annie has never been to this application service, a local representation of Annie is created by prompting Annie for attributes which are stored locally and keyed to her unique identifier.