That should not
surprise too much. We are rebuilding a system from the ground
up, explicitly to get things right, free from the artifacts and aberrations
derived from implementation details and historical burdens.
The next three sections introduce the three roles. In the section
"The Dance of Identity" later in this chapter, we examine how
those three roles contribute to propagating identity information.
Relying Parties
A relying party, often abbreviated RP, is an entity that consumes
identities. An RP is typically something or somebody who provides
a service that is intended to be enjoyed by a restricted
audience. To make sure that the access is granted only to the
rightful crowd, the RP requires receiving an identity from the
requestor.
The wine seller in the example from the section "Minimal
Disclosure for a Constrained Use" is an RP; so is any website
that requires you to authenticate yourself before accessing its
services. If you examine the section "The Babel," from Chapter
1, you will see that every authentication scheme described includes
an entity that plays the role of the RP: intranet services
requesting a certificate from a smartcard, HTTPS endpoints asking
for a certificate via SSL authentication, the "service B" described
in the "Kerberos" subsection.