Versions Compared

Version Old Version 8 New Version 9
Changes made by

Pieter Nijs (Unlicensed)

Pieter Nijs (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note that this use case is exactly the same as the old use case 4B

Roles 



Delegation info PIP
No delegationService ProviderEntitled PartyAuthorisation Reg

Auth info PIP

Service Provider33a3b3c

Entitled Party

3.13a.13b.13b.1
Authorisation Reg3.23a.23b.23b.2
Identity Provider*3.33a.33b.33c.3

...

As there is no delegation, the Entitled Party acts as Human Service Consumer

Depiction

Image Modified

Description

It is prerequisite of this use case that:

...

  1. The Human Service Consumer requests a service from the Service Provider
  2. The Service Provider requests a login from the Identity Provider
  3. The Identity Provider authenticates the Human Service Consumer 
  4. The Identity Provider issues an identity assertion to the Service Provider
  5. The Service Provider validates the identity assertion through the following steps:
    1. The Service Provider authenticates the Identity Provider and validates it as an iSHARE certified party
  6. The Service Provider authenticates the Human Service Consumer based on the validity of the identity assertion
  7. The Service Provider authorises the Human Service Consumer based on the authorisation information registered with the Service Provider
  8. The Service Provider executes the requested service 
  9. The Service Provider provides the service result to the Service Consumer

Practical examples

All Functional working group-members are invited to add practical examples of this use case in the comment section.

Sequence diagram


Note that an Identity Broker can be introduced to broker the relation between the Service Provider and both the Authorisation Registry and the Identity Provider; this is optional and useful in situations with several Authorisation Registries and (especially) several Identity Providers. This use case would look as follows with a Service Broker:

Depiction with Identity Broker

Image Modified

Description with Identity Broker

It is prerequisite of this use case that:

...

  1. The Human Service Consumer requests a service from the Service Provider
  2. The Service Provider requests a login from the Identity Broker
  3. The Identity Broker asks the Human Service Consumer to select his Identity Provider
  4. The Identity Broker requests a login from the Identity Provider
  5. The Identity Provider authenticates the Human Service Consumer
  6. The Identity Provider issues an identity assertion for the Service Provider to the Identity Broker
  7. The Identity Broker forwards the identity assertion to the Service Provider 
  8. The Service Provider validates the identity assertion through the following steps:
    1. The Service Provider authenticates the Identity Broker and validates it as an iSHARE certified party
    2. The Service Provider authenticates the Identity Provider and validates it as an iSHARE certified party
  9. The Service Provider authenticates the Human Service Consumer based on the validity of the identity assertion
  10. The Service Provider authorises the Human Service Consumer based on the authorisation information registered with the Service Provider
  11. The Service Provider executes the requested service 
  12. The Service Provider provides the service result to the Service Consumer

Practical examples with Identity Broker

All Functional working group-members are invited to add practical examples of this use case in the comment section.

Sequence diagram with Identity Broker