In SAML, the service
requesting the caller identity is even called relying party!
The RP is a powerful invariant of identity-related systems. Its
requirements are among the main reasons for which we need an
identity system in the first place.
Subjects
We have already used the term subject a number of times
throughout the book, relying on its common meaning. From a
definition standpoint, a subject is just something or somebody
who owns a digital identity. From the role definition point of
view, however, it is worth considering the definition in more
detail.
In the section "Directed Identity," we introduced the differentiation
between omnidirectional and unidirectional identities. The
former type of identity can often be assigned to every actor in a
transaction, or at least to all the ones that exhibit one-to-many
relationships. That basically means that the label "subject" can
be applied to many entities in an identity system, and therefore
its usefulness as a role-differentiating factor seems pretty unlikely.
In the context of the Identity Metasystem roles, however,
we usually intend the subject as one entity whose unidirectional
identity comes into play.