In use case 3, a service is provided by the Service Provider to the Human Service Consumer. Identity information is held at the Identity Provider.
Note that this use case is exactly the same as the old use case 4B.
Roles
Rows give the party that acts as authorisation info PIP; columns give the party that acts as delegation info PIP.

| Auth info PIP \ Delegation info PIP | No delegation | Service Provider | Entitled Party | Authorisation Reg |
|---|---|---|---|---|
| Service Provider | 3 | 3a | 3b | 3c |
| Entitled Party | 3.1 | 3a.1 | 3b.1 | 3c.1 |
| Authorisation Reg | 3.2 | 3a.2 | 3b.2 | 3c.2 |
| Identity Provider* | 3.3 | 3a.3 | 3b.3 | 3c.3 |
...
- The Human Service Consumer requests a service from the Service Provider
- The Service Provider requests a login from the Identity Provider
- The Identity Provider authenticates the Human Service Consumer
- The Identity Provider issues an identity assertion to the Service Provider
- The Service Provider validates the identity assertion through the following steps:
  - The Service Provider authenticates the Identity Provider and validates it as an iSHARE certified party
  - The Service Provider authenticates the Human Service Consumer based on the validity of the identity assertion
  - The Service Provider authorises the Human Service Consumer based on the entitlement information registered with the Service Provider
- The Service Provider executes the requested service
- The Service Provider provides the service result to the Service Consumer
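The flow above, from the identity assertion being issued to the service result, as an added example that is not part of the original page or of the iSHARE specification. It is a simplified model: the Identity Provider's certificate check against the participant registry is stood in for by a map of certified party ids to HMAC keys, the assertion is a compact signed JSON token rather than the scheme's real token format, and the party ids, keys and entitlements are constructed sample values. What it shows is the order of checks on the Service Provider side: issuer must be a certified Identity Provider, signature must verify, audience and lifetime must match, and only then is the local entitlement information consulted.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed trust anchors for the Service Provider. In the flow above the
# Identity Provider is authenticated and validated as an iSHARE certified party;
# here a map of party id -> shared HMAC key stands in for certificate validation
# against the participant registry (assumption, not the scheme's mechanism).
CERTIFIED_IDENTITY_PROVIDERS = {
    "idp-001": b"constructed-key-idp-001",
}

# Constructed entitlement information registered with the Service Provider
# (use case 3: no delegation, the Service Provider is the authorisation info PIP).
ENTITLEMENTS = {
    "alice": {"read-shipment-status"},
}

SERVICE_PROVIDER_ID = "sp-001"  # constructed audience value


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_identity_assertion(idp_id: str, key: bytes, subject: str,
                             audience: str, ttl: int = 300, now=None) -> str:
    """Identity Provider side: after authenticating the human, issue a signed assertion
    bound to one Service Provider (aud) with a short lifetime (iat/exp)."""
    now = int(time.time()) if now is None else now
    claims = {"iss": idp_id, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    body = _b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64url(sig)


def validate_identity_assertion(token: str, now=None) -> dict:
    """Service Provider side: authenticate the issuer as a certified party, verify the
    signature, then check audience and lifetime. Raises ValueError on any failure."""
    now = int(time.time()) if now is None else now
    try:
        body, sig_text = token.split(".")
        claims = json.loads(_b64url_decode(body))
    except ValueError:  # covers bad base64, bad JSON and wrong segment count
        raise ValueError("malformed assertion")
    if not isinstance(claims, dict) or not isinstance(claims.get("iss"), str):
        raise ValueError("malformed assertion")
    key = CERTIFIED_IDENTITY_PROVIDERS.get(claims["iss"])
    if key is None:
        raise ValueError("issuer is not a certified Identity Provider")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_text)):
        raise ValueError("invalid signature")
    if claims.get("aud") != SERVICE_PROVIDER_ID:
        raise ValueError("assertion not intended for this Service Provider")
    if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
        raise ValueError("assertion expired or not yet valid")
    return claims


def handle_service_request(token: str, service: str, now=None) -> dict:
    """Validate the assertion, authorise against the entitlements held here,
    and execute the service only if both succeed."""
    try:
        claims = validate_identity_assertion(token, now)
    except ValueError as exc:
        return {"status": "denied", "reason": str(exc)}
    if service not in ENTITLEMENTS.get(claims["sub"], set()):
        return {"status": "denied",
                "reason": "no entitlement registered at Service Provider"}
    return {"status": "ok", "subject": claims["sub"],
            "result": f"{service} executed for {claims['sub']}"}


if __name__ == "__main__":
    key = CERTIFIED_IDENTITY_PROVIDERS["idp-001"]
    token = issue_identity_assertion("idp-001", key, "alice", SERVICE_PROVIDER_ID)
    print(handle_service_request(token, "read-shipment-status"))
    print(handle_service_request(token, "delete-shipment"))
```

Note that the entitlement check runs only after the issuer, signature, audience and lifetime checks have all passed, so a valid-looking assertion from an uncertified issuer or one addressed to a different Service Provider never reaches the authorisation step.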
Practical examples
...
Sequence diagram
Note that an Identity Broker can be introduced to broker the relation between the Service Provider and the Identity Provider(s) and/or between the Service Provider and the Authorisation Registries. This is optional and useful in situations with several Identity Providers and/or Authorisation Registries. With a Service Broker, this use case would look as follows:
...