The encapsulation protocol
tunnels the specific technology that the IP requires to
be invoked.
5. S receives the required identity from the IP. S examines
the details of the identity, such as the content of Claim1
and Claim2, and decides whether it consents to the disclosure
of that information to the RP.
6. If S decides to disclose, it uses the encapsulation protocol
for transmitting the identity to the RP in accordance
with the policy received in Step 1.
[Diagram labels: IP, RP, S; SAML tokens carrying Claim 1 and Claim 2; steps numbered 1 to 6.]
Figure 2-1 The diagram depicts the interaction among the three roles
of the Identity Metasystem in the canonical scenario.
No technology prerequisites are imposed by the preceding sequence.
All parties need to understand the Identity Metasystem;
beyond that, however, everybody is free to use the technology
of choice. Negotiation and encapsulation protocols provide the
mechanism necessary to dynamically configure the system for
automatic policy exchange and interoperability.
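
Steps 5 and 6 of the sequence above, sketched as an added example that is not code from the book. The class names, the fields of the RP policy and the rule that any policy mismatch withholds the identity before S is even asked are assumptions made for illustration; the sample identities are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    issuer: str   # the IP that issued the identity
    fmt: str      # token technology, e.g. "SAML"
    claims: dict  # claim name -> value

@dataclass(frozen=True)
class RPPolicy:   # assumed shape of the policy S received in Step 1
    accepted_formats: frozenset
    required_claims: frozenset

def review(identity, policy):
    """Step 5: findings S should see before deciding on disclosure."""
    findings = []
    if identity.fmt not in policy.accepted_formats:
        findings.append("token format not accepted by the RP")
    names = set(identity.claims)
    missing = policy.required_claims - names
    extra = names - policy.required_claims
    if missing:
        findings.append("missing: " + ", ".join(sorted(missing)))
    if extra:
        findings.append("not requested by the RP: " + ", ".join(sorted(extra)))
    return findings

def disclose(identity, policy, consent):
    """Step 6: return (identity or None, findings).

    Any policy mismatch withholds the identity without prompting; otherwise
    the consent callable (S's decision) sees the claims and has the last word.
    """
    findings = review(identity, policy)
    if findings:
        return None, findings
    if not consent(identity.claims):
        return None, ["S declined to disclose"]
    return identity, []

# Constructed sample data, not taken from the book
POLICY = RPPolicy(frozenset({"SAML"}), frozenset({"Claim1", "Claim2"}))
GOOD = Identity("IP", "SAML", {"Claim1": "a", "Claim2": "b"})
OVERSHARE = Identity("IP", "SAML", {"Claim1": "a", "Claim2": "b", "Claim3": "c"})

if __name__ == "__main__":
    print(disclose(GOOD, POLICY, lambda claims: True))
    print(disclose(GOOD, POLICY, lambda claims: False))
    print(disclose(OVERSHARE, POLICY, lambda claims: True))
```

The third call shows the case worth checking for in practice: an identity that carries a claim the RP never asked for is withheld even though S would have consented.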
Brokered Trust
The brokered trust scenario generalizes the business partnership
example developed in the section "Claim Transformers."