Versions Compared

Version Old Version 28 New Version 29
Changes made by

Pieter Nijs

Vincent Jansen (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. The Human Service Consumer requests a service from the Service Provider;
  2. The Service Provider requests a login from the Identity Provider;
  3. The Identity Provider authenticates the Human Service Consumer;
  4. The Identity Provider issues an identity assertion to the Service Provider;
  5. The Service Provider validates the identity assertion through the following steps:
    1. The Service Provider authenticates the Identity Provider and validates its iSHARE certification.
  6. The Service Provider authenticates the Human Service Consumer based on the validity of the identity assertion, and validates the iSHARE adherence of the Service Consuming Entity;
  7. The Service Provider authorises the Human Service Consumer of the Service Consuming Entity based on the entitlement information registered with the Service Provider;
  8. The Service Provider executes the requested service;
  9. The Service Provider provides the service result to the Human Service Consumer.

Sequence diagram

Image RemovedImage Added


Note that an Identity Broker can be introduced to broker the relation between the Service Provider and the Identity Provider(s) and/or the Service Provider and the Authorisation Registry(s). This is optional and useful in situations with several Identity Providers and/or Authorisation Registries. This use case would look as follows with a Service Broker:

...

Sequence diagram with Identity Broker

Image RemovedImage Added