The situation depicted in Figure 2-2 includes four actors: a subject, S, a relying party, RP, and two identity providers, IP1 and IP2. Referring to the business-relationship example mentioned previously, those elements map as follows: S is the employee who will make the purchase, RP is the web store of the hardware vendor, IP1 is the employer's identity provider, and IP2 is the claim transformer, implemented in the form of an IP. A step-by-step description of the sequence follows.
1. S engages RP in a negotiation to acquire RP's policy and requirements. RP states that it will consider for authentication only the users presenting an identity issued by IP2, in SAML1.1 format and containing the claim SpendingLimit.
Actually, My Driving License Is Still Valid
Steps 4 and 5 correspond to the request and issuance of a government ID document, respectively, in the offline-world example. In a real-life situation, you would likely already have a valid ID with you, and if it had expired, you would not be able to request and get a renewed one in the context of the wine purchase. However, in the online world, distance and bureaucracy mean nothing (or very little), so requesting that the IP issue a document on-the-fly is actually viable and guarantees freshness of the information.
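To make step 1 and the freshness point of the sidebar concrete, here is an added example (not from the book) of how a relying party could evaluate a presented token against the policy it announced: the issuer must be IP2, the format SAML1.1, the claim SpendingLimit must be present, and the token must still be within its validity window. The RpPolicy and Token classes, the sample tokens and the timestamps are constructed models for illustration, not a real SAML implementation or CardSpace API.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class RpPolicy:
    """What RP announces in step 1 (constructed model of the policy)."""
    issuer: str                  # the only IP whose tokens RP accepts
    token_type: str              # token format, e.g. "SAML1.1"
    required_claims: frozenset   # claim names that must be present

@dataclass(frozen=True)
class Token:
    """Minimal model of an issued security token (not a real SAML parser)."""
    issuer: str
    token_type: str
    claims: dict
    not_on_or_after: datetime    # issuer's validity limit: the freshness bound

def check_token(token: Token, policy: RpPolicy, now: datetime) -> list:
    """Return every reason the token fails RP's policy; an empty list means accepted."""
    problems = []
    if token.issuer != policy.issuer:
        problems.append(f"issuer {token.issuer!r} is not the required {policy.issuer!r}")
    if token.token_type != policy.token_type:
        problems.append(f"token type {token.token_type!r} is not {policy.token_type!r}")
    missing = policy.required_claims - set(token.claims)
    if missing:
        problems.append("missing claims: " + ", ".join(sorted(missing)))
    if now >= token.not_on_or_after:
        problems.append("token has expired; request a fresh one from the issuer")
    return problems

# Constructed sample data: the store's policy from step 1 and three candidate tokens.
STORE_POLICY = RpPolicy("IP2", "SAML1.1", frozenset({"SpendingLimit"}))
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
FRESH_TOKEN = Token("IP2", "SAML1.1", {"SpendingLimit": "5000"}, NOW + timedelta(minutes=5))
EMPLOYER_TOKEN = Token("IP1", "SAML1.1", {"Role": "Purchaser"}, NOW + timedelta(minutes=5))
STALE_TOKEN = Token("IP2", "SAML1.1", {"SpendingLimit": "5000"}, NOW - timedelta(days=1))

if __name__ == "__main__":
    for name, tok in [("fresh", FRESH_TOKEN), ("employer", EMPLOYER_TOKEN), ("stale", STALE_TOKEN)]:
        print(name, check_token(tok, STORE_POLICY, NOW) or "accepted")
```

The employer's own token is rejected even though it is valid SAML1.1, because RP only trusts the claim transformer IP2 to assert SpendingLimit; the stale token shows why issuing on-the-fly, as the sidebar describes, is preferable to presenting an old one.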