It also knows
the rule. A manager can spend even if the preordained buffer
has been depleted, whereas nonmanagers will have variable
allowance. In summary, the employer??™s IP can issue to the subject
claims it is competent to emit, such as whether the subject
belongs to the category Managers; the supplier??™s RP needs to
know the spending limit of the subject, and the supplier knows
how to derive that value just by knowing whether the subject is
a manager. The solution is straightforward: We need a construct
that performs claim transformations applying the business rule
previously described.
Crossing company
boundaries is a
scenario that often
requires claim
transformation
Trust 129
Claim transformers are the ultimate decoupling devices. They
can help reduce the technical and business differences between
identity representations. They can handle naming issues, translating
incoming claims corresponding to the same concept in a
format understood by the RP; they can apply business rules by
examining incoming claims and expressing the implications in
terms relevant to the RP business; and they can resolve format
incompatibilities, repackaging and transforming claims from one
technology to another.
Pages:
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229