In use case 3, a service is provided by the Service Provider to the Human Service Consumer. Identity information is held at the Identity Provider.
...
- The Service Provider has and manages its own authorisation information indicating which Entitled Parties are entitled to which (parts of) services*;
- The Service Consumer has and manages its own authorisation information indicating which Human Service Consumers are authorised to act on its behalf**;
- The delegation/authorisation responsible at the Service Consumer registers the authorisation information at the Service Provider;
- The Human Service Consumer is able to authenticate the Service Provider;
- The Service Provider is able to authenticate the Human Service Consumer;
- The Identity Provider is able to authenticate the Service Provider;
- The Service Provider is able to authenticate the Identity Provider;
- The Identity Broker is able to authenticate the Service Provider;
- The Service Provider is able to authenticate the Identity Broker;
- The Human Service Consumer has been issued identity credentials by the Identity Provider.
In this use case the Entitled Party is also the Service Consumer.
...
Sequence diagram without Identity Broker