136 Hints Toward a Solution
5. S does have a suitable relationship with IP1. S negotiates
with IP1 the details about how IP1 wants to be called (for
example, with which technology).
6. S uses the information acquired in Step 5 to request an
identity from IP1. The encapsulation protocol tunnels the
specific technology with which IP1 must be invoked.
7. S receives the required identity from IP1. S examines the
details of the identity, such as the content of Role, and
decides whether it consents to the disclosure of that information
to the RP and its trust chain.
8. If S decided to disclose, it uses the encapsulation protocol
for transmitting to IP2 the identity it obtained from
IP1. IP2 then issues to S an identity complying with the
requirements of the RP.
9. S uses the encapsulation protocol for transmitting to the
RP the identity obtained in Step 8.
It seems a long sequence, but it is really easier to do than to
describe. The presence of the decoupling level provided by the
Identity Metasystem enables the existing trust relationships to be
leveraged automatically. A traditional identification technology
would have required explicit out-of-band coordination, whereas
the policy-based negotiation and the dynamic encapsulation
protocol can self-organize a system that just works.
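
The exchange in Steps 5 through 9 can be sketched as a toy simulation. This is an added example, not code from the book: the class and function names, the keys, and the `Role` value are constructed, an HMAC stands in for a real token signature, and IP2 checking a token with IP1's key models the existing trust relationship between them.

```python
import hashlib, hmac, json

class IdentityProvider:
    """Toy issuer. An HMAC stands in for a real token signature (assumption)."""
    def __init__(self, name, key, upstream=None):
        self.name, self.key, self.upstream = name, key, upstream

    def _mac(self, claims):
        body = json.dumps(claims, sort_keys=True).encode()
        return hmac.new(self.key, body, hashlib.sha256).hexdigest()

    def verify(self, token):
        return (token.get("issuer") == self.name
                and hmac.compare_digest(self._mac(token["claims"]), token.get("sig", "")))

    def issue(self, subject, presented=None):
        if self.upstream is None:                      # IP1: knows S directly
            claims = {"subject": subject, "Role": "Manager"}  # constructed claims
        elif presented is not None and self.upstream.verify(presented):
            claims = dict(presented["claims"])         # IP2: re-issues what IP1 vouched for
        else:
            raise PermissionError(f"{self.name}: no valid token from {self.upstream.name}")
        return {"issuer": self.name, "claims": claims, "sig": self._mac(claims)}

def rp_accepts(token, trusted_ip):
    """The RP only accepts identities issued by the IP it trusts (IP2 here)."""
    return trusted_ip.verify(token)

def run_flow(subject, ip1, ip2, consent):
    t1 = ip1.issue(subject)                # Steps 5-6: request an identity from IP1
    if not consent(t1["claims"]):          # Step 7: S inspects the claims (e.g. Role)
        return None                        # declined: nothing reaches IP2 or the RP
    t2 = ip2.issue(subject, presented=t1)  # Step 8: IP2 issues an RP-compliant identity
    return t2 if rp_accepts(t2, ip2) else None   # Step 9: present it to the RP

IP1 = IdentityProvider("IP1", b"constructed-key-1")
IP2 = IdentityProvider("IP2", b"constructed-key-2", upstream=IP1)

if __name__ == "__main__":
    print(run_flow("alice", IP1, IP2, consent=lambda c: c["Role"] == "Manager"))
```

The RP never sees or verifies IP1's token; it relies only on IP2, and IP2 refuses to issue if the IP1 token has been altered.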