In use case 3, a service is provided by the Service Provider to the Human Service Consumer. Identity info is held at the Identity Provider.
...
| Auth info PIP (rows) / Delegation info PIP (columns) | No delegation | Service Provider | Entitled Party | Authorization Reg |
|---|---|---|---|---|
| Service Provider | 3. H2M service provision with identity info at the IP | 3a | 3b | 3c |
| Entitled Party | 3.1 | 3a.1 | 3b.1 | 3c.1 |
| Authorization Reg | 3.2 | 3a.2 | 3b.2 | 3c.2 |
| Identity Provider* | 3.3 | 3a.3 | 3b.3 | 3c.3 |
...
- The Service Provider has and manages its own authorization information indicating which Entitled Parties are entitled to which (parts of) services*;
- The Service Consumer has and manages its own authorization information indicating which Human Service Consumers are authorized to act on its behalf**;
- The delegation/authorization responsible at the Service Consumer registers the authorization information at the Service Provider;
- The Human Service Consumer is able to authenticate the Service Provider;
- The Service Provider is able to authenticate the Human Service Consumer;
- The Identity Provider is able to authenticate the Service Provider;
- The Service Provider is able to authenticate the Identity Provider;
- The Identity Broker is able to authenticate the Service Provider;
- The Service Provider is able to authenticate the Identity Broker;
- The Human Service Consumer has been issued identity credentials by the Identity Provider.
In this use case the Entitled Party is also the Service Consumer.
...