1 format and containing
Claim1 and Claim2.
2. S's agent checks if S has a relationship with IP that
would allow it to ask for a token of the right format and
with the requested claims in it. It then presents to S its
options (that is, all the courses of action that will end
with the acquisition of a token satisfying RP's policy).
3. Assuming that S does have a suitable relationship with
IP and that S chooses to pursue that option among the
ones offered by the agent, S's agent uses WS-MetadataExchange
for acquiring IP's invocation policy.
4. S's agent uses the information acquired in the previous
step for requesting an identity from IP's STS, by sending
an appropriate RST. The agent will also take care of
finding the token that the IP-STS requested for securing
the RST.
5. S's agent receives the RSTR from IP, and with it the
required token. S's agent returns the token to S. S
goes through the experience of examining the details of
the identity, such as the content of Claim1 and Claim2,
and decides whether it consents to the disclosure of that
information to RP.
6. If S decides to disclose, it uses WS-Security to secure
the invocation to RP with the token obtained from IP.
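
The agent's part in steps 2 through 6, modelled in Python as an added example that is not code from the book. All class and function names, the `SAML1.1` format string and the three identity providers are constructed for illustration, and the RST/RSTR exchange with the IP-STS is replaced by a local function call.

```python
from dataclasses import dataclass

@dataclass
class Policy:                 # what RP demands in step 1
    token_format: str
    required_claims: frozenset

@dataclass
class Relationship:           # what S holds with one IP (hypothetical model)
    ip_name: str
    token_formats: frozenset
    claims: dict              # claim name -> value the IP can assert about S

def options(policy, relationships):
    """Step 2: keep only IPs able to issue the right format with every claim."""
    return [r for r in relationships
            if policy.token_format in r.token_formats
            and policy.required_claims.issubset(r.claims)]

def issue_token(rel, policy):
    """Steps 4-5, standing in for the RST/RSTR exchange: the token carries
    the claims RP's policy asked for, not everything the IP knows about S."""
    return {"issuer": rel.ip_name, "format": policy.token_format,
            "claims": {c: rel.claims[c] for c in sorted(policy.required_claims)}}

def acquire_and_disclose(policy, relationships, choose, consent):
    """Steps 2-6. `choose` picks one option, `consent` inspects the token.
    Returns the token released to RP, or None if nothing may be sent."""
    opts = options(policy, relationships)
    if not opts:
        return None                           # no IP can satisfy RP's policy
    token = issue_token(choose(opts), policy)
    return token if consent(token) else None  # S can still refuse in step 5

# Constructed sample data: one RP policy and S's relationships with three IPs.
RP_POLICY = Policy("SAML1.1", frozenset({"Claim1", "Claim2"}))
RELS = [
    Relationship("IP-A", frozenset({"SAML1.1"}), {"Claim1": "a", "Claim2": "b", "Claim3": "c"}),
    Relationship("IP-B", frozenset({"SAML1.1"}), {"Claim1": "a"}),            # lacks Claim2
    Relationship("IP-C", frozenset({"X509"}), {"Claim1": "a", "Claim2": "b"}),  # wrong format
]
```

With this data only IP-A is offered to S, and a refusal at the consent step means no token reaches RP even though one was issued.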