...
Delegation info PIP | ||||
No delegation | Service Provider | Entitled Party | Authorization Reg | |
Use case variation | 1 | 1a | 1b | 1c |
Note that interaction sequences are not described in the table above. In derived use case 1c, two interaction sequences are possible depending on who requests delegation info from the PIP:
...
- The Machine Service Consumer requests a service from the Service Provider;
The Service Provider authenticates the Machine Service Consumer and validates the iSHARE adherence of the Service Consumer;
- The Service Provider requests delegation evidence from the Authorization Registry;
- The Authorization Registry authenticates the Service Provider and validates its iSHARE adherence;
- The Authorization Registry authorizes authorises the Service Provider based on the scheme agreements for providing delegation information;
- The Authorization Registry provides the delegation evidence;
- The Service Provider validates the received delegation evidence through the following steps:
- The Service Provider authenticates the Authorization Registry and validates its iSHARE certification;
- The Service Provider authorizes authorises the Entitled Party based on the entitlement information registered with the Service Provider, and validates its iSHARE adherence.
- The Service Provider authorizes authorises the Machine Service Consumer of the Service Consumer based on the validity of the delegation evidence;
- The Service Provider executes the requested service;
- The Service Provider provides the service result to the Machine Service Consumer.
...