...

  • The Service Provider (Party B) has and manages its own entitlement information indicating which Entitled Parties are entitled to which (parts of) services, i.e. Party B has information indicating that Party A is entitled to status updates from its ERP system;
  • The Service Consumer (Party A) has and manages its own authorization information indicating which Human Service Consumers are authorized to act on its behalf;
  • The delegation/authorization responsible at the Service Consumer (Party A) registers the authorization information at the Service Identity Provider (Y);
  • The Human Service Consumer (Human X) is able to authenticate the Service Provider (Party B);
  • The Service Provider (Party B) is able to authenticate the Human Service Consumer (Human X);
  • The Identity Provider (Y) is able to authenticate the Service Provider (Party B);
  • The Service Provider (Party B) is able to authenticate the Identity Provider (Y);
  • The Identity Broker (Z) is able to authenticate the Service Provider (Party B);
  • The Service Provider (Party B) is able to authenticate the Identity Broker (Z);
  • The Human Service Consumer (Human X) has been issued identity credentials by the Identity Provider (Y).

...

  1. The Human Service Consumer (Human X) requests a service from the Service Provider (Party B);
  2. The Service Provider (Party B) requests a login from the Identity Broker (Z);
  3. The Identity Broker (Z) asks the Human Service Consumer (Human X) to select his Identity Provider (Y);
  4. The Identity Broker (Z) requests a login from the Identity Provider (Y);
  5. The Identity Provider (Y) authenticates the Human Service Consumer (Human X) (on the basis of Human X's credentials);
  6. The Identity Provider (Y) issues an identity assertion and authorization assertion for the Service Provider (Party B) to the Identity Broker (Z);
  7. The Identity Broker (Z) forwards the identity assertion and authorization assertion to the Service Provider (Party B);
  8. The Service Provider (Party B) validates the identity assertion and authorization assertion through the following steps:
    1. The Service Provider (Party B) authenticates the Identity Broker (Z) and validates its iSHARE certification;
    2. The Service Provider (Party B) authenticates the Identity Provider (Y) and validates its iSHARE certification.
  9. The Service Provider (Party B) authenticates the Human Service Consumer (Human X) based on the validity of the identity assertion, and validates the iSHARE adherence of the Service Consumer (Party A);
  10. The Service Provider (Party B) authorizes the Human Service Consumer (Human X) of the Service Consumer (Party A) based on the authorization assertion and the entitlement and authorization information registered with the Service Provider (Party B);
  11. The Service Provider (Party B) executes the requested service;
  12. The Service Provider (Party B) provides the service result to the Human Service Consumer (Human X).
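
The Service Provider's checks in steps 8 to 10, as an added Python example that is not part of the iSHARE documentation. It assumes HMAC tags with constructed demo keys as a stand-in for however parties authenticate each other, in-memory tables as a stand-in for certification and adherence lookups, and hypothetical field and function names throughout.

```python
import hmac, hashlib, json

# Constructed stand-ins (assumptions, not iSHARE formats or APIs).
KEYS = {"Z": b"broker-demo-key", "Y": b"idp-demo-key"}          # keys Party B trusts
CERTIFIED = {"Z": "identity_broker", "Y": "identity_provider"}  # certified roles
ADHERING = {"A"}                                                # adhering parties
ENTITLEMENTS = {("A", "erp-status")}                            # Party B's own records

def sign(party, payload):
    """Tag a payload with the party's demo key (stand-in for a real signature)."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(KEYS[party], msg, hashlib.sha256).hexdigest()

def verified(party, role, payload, tag):
    """Authenticate the sender and check its certified role (steps 8.1 / 8.2)."""
    if CERTIFIED.get(party) != role or party not in KEYS:
        return False
    return hmac.compare_digest(sign(party, payload), tag)

def decide(envelope, service):
    """Party B's checks for steps 8-10; returns (allowed, reason), failing closed."""
    inner = envelope["payload"]
    if not verified(envelope["broker"], "identity_broker", inner, envelope["broker_tag"]):
        return False, "broker not authenticated or not certified"             # 8.1
    assertions = inner["assertions"]
    if not verified(inner["idp"], "identity_provider", assertions, inner["idp_tag"]):
        return False, "identity provider not authenticated or not certified"  # 8.2
    ident, authz = assertions["identity"], assertions["authorization"]
    if ident["audience"] != "B":
        return False, "identity assertion not issued for Party B"             # 9
    if authz["party"] not in ADHERING:
        return False, "service consumer not adhering"                         # 9
    if authz["human"] != ident["subject"] or service not in authz["services"]:
        return False, "human not authorized by service consumer"              # 10
    if (authz["party"], service) not in ENTITLEMENTS:
        return False, "service consumer not entitled"                         # 10
    return True, "ok"

def build(subject="X", party="A", services=("erp-status",), audience="B"):
    """Construct a sample envelope as Y and Z would produce it (steps 6-7)."""
    assertions = {"identity": {"subject": subject, "audience": audience},
                  "authorization": {"human": subject, "party": party,
                                    "services": list(services)}}
    inner = {"idp": "Y", "assertions": assertions, "idp_tag": sign("Y", assertions)}
    return {"broker": "Z", "payload": inner, "broker_tag": sign("Z", inner)}
```

Each check returns before the next one runs, so a request reaches step 11 only when the broker, the identity provider, the audience, the adherence of Party A, the authorization assertion and Party B's own entitlement record all agree.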

...