...

  • Parties fulfilling adhering roles, depicted in purple, provide and consume services under iSHARE. These parties adhere to the iSHARE terms of use;
    • Note: as it is the responsibility of the Service Provider to determine the Entitled Party, the Service Provider can choose to provide services where the Entitled Party is not admitted to iSHARE. In this event, the responsibilities of the Entitled Party are shifted to the Service Provider in question. This is particularly useful for Service Providers who have existing (smaller) customers who do not have their own systems, or who are only an Entitled Party for services at a single Service Provider.
  • Parties fulfilling certified roles, depicted in grey, facilitate functions that Adhering Parties can rely upon when providing or consuming services. To become certified, these parties must not only prove adherence to the iSHARE terms of use, but also meet several role-specific criteria.

...

Certified role: | Role description:
Identity Provider

The Identity Provider-role is fulfilled by a legal entity whose tooling identifies and authenticates humans (and specifically, Human Service Consumers representing Service Consumers). An Identity Provider: 

  • Provides identifiers for humans;
  • Issues credentials (i.e. a password or electronic keycard) to humans;
  • On the basis of this identification information, identifies and authenticates humans for Service Providers;
  • Holds information on authorisations of humans representing a Service Consumer; i.e. information indicating which humans are authorised to act on a Service Consumer's behalf;
  • Can check, on the basis of this information, whether a human representing a legal entity is authorised to take delivery of a service;
  • Can confirm whether this is the case to the Service Provider.

As a result, Service Providers can outsource identification and authentication of humans, as well as tasks concerning the management of authorisation and delegation information of humans, to an Identity Provider instead of implementing their own tooling.

Identity Broker

Different humans might hold identifiers at different Identity Providers. Also, Service Providers might need to connect to several Identity Providers. To make sure Service Providers do not need a relation with each Identity Provider individually, an Identity Broker is introduced. The Identity Broker-role is fulfilled by a legal entity that provides Service Providers access to different Identity Providers, and that offers humans the option to choose with which Identity Provider to identify and authenticate themselves throughout the iSHARE Scheme.

As a result, if Service Providers choose to outsource identification and authentication to more than one Identity Provider, they can connect to an Identity Broker instead of to several Identity Providers.

Authorisation Registry

The Authorisation Registry-role is fulfilled by a legal entity that provides solutions for Adhering Parties for the storage of delegation and authorisation information. An Authorisation Registry:

  • Can hold information on delegations to Service Consumers; i.e. information indicating what parts of the rights of an Entitled Party are delegated to a Service Consumer;
  • Can check, on the basis of this information, whether a machine representing a legal entity is authorised to take delivery of a service;
  • Can confirm whether this is the case to the Service Provider. 

As a result, Adhering Parties can outsource tasks concerning the management of authorisation and delegation information to an Authorisation Registry instead of implementing their own tooling.

...