In use case 3, a service is provided by the Service Provider to the Human Service Consumer. Identity info is held at the Identity Provider.
...
Note that an Identity Broker is introduced to broker the relation between the Service Provider and the Identity Provider(s) and/or the Service Provider and the Authorisation Registry(s). This is optional and useful in situations with several Identity Providers and/or Authorisation Registries.
Depiction
Legal
...
relations
Prerequisite registration
...
- The Service Provider has and manages its own authorisation information indicating what Entitled Parties are entitled to what (parts of) services*;
- The Service Consumer has and manages its own authorisation information indicating which Human Service Consumers are authorised to act on its behalf**;
- The delegation/authorisation responsible at the the Service Consumer registers the authorisation information at the Service Provider;
- The Human Service Consumer is able to authenticate the Service Provider;
- The Service Provider is able to authenticate the Human Service Consumer;
- The Identity Provider is able to authenticate the Service Provider;
- The Service Provider is able to authenticate the Identity Provider;
- The Identity Broker is able to authenticate the Service Provider;
- The Service Provider is able to authenticate the Identity Broker;
- The Human Service Consumer has been issued identity credentials by the Identity Provider.
In this use case the Entitled Party is also the Service Consumer.
...
Depiction without Identity Broker
Legal view
Prerequisite registration
...