This interaction is illustrated
in Figure 3-6. The steps in the interaction are as follows:
1. The RP makes a request. When the user tries to access a
resource, the RP can make a request for a security token.
This request contains details about the format of the token
it wants, who it wants the token to be issued by, and
what information (claims) it wants in the token.
2. The user picks a card. Based on the request, the user
selects the card he wants to use.
3. The request is forwarded to the IP. The card the user
picks is supported by a specific IP. When the card is selected,
a request for a security token is sent to the IP. In
this request, the user will also provide some authentication
information, to prove who he is. (This is discussed in
more detail later in the chapter, in the section
"Authentication with an IP.")
4. The IP returns a security token. Satisfied that the user is
who he says he is, the IP returns a signed security token.
5. The user reviews the token. The IP can provide display
information, so CardSpace can show the user what information
is being disclosed.
6. The token is returned. The token that was requested is
returned to the RP, and it can make an authentication
decision.
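The six steps above, traced end to end as an added example (not code from the book or from CardSpace). The issuer name, user record, card and JSON token format are constructed, and an HMAC with a demo key stands in for the IP's signature; a real IP signs with its own private key and the RP verifies with the IP's public key.

```python
import hashlib, hmac, json

# Constructed sample data (assumptions, not from the book).
IP_NAME = "https://ip.example"
IP_KEY = b"constructed-demo-key"  # stand-in for the IP's signing key
USERS = {"alice": {"password": "pw", "claims": {
    "givenname": "Alice", "email": "alice@example.com", "dob": "1980-01-01"}}}
CARDS = [{"name": "Example card", "issuer": IP_NAME,
          "claims": ["givenname", "email", "dob"]}]

def rp_request():
    # Step 1: the RP states token format, required issuer and wanted claims.
    return {"token_type": "demo-json", "issuer": IP_NAME,
            "claims": ["givenname", "email"]}

def select_card(cards, policy):
    # Step 2: only a card whose IP and claims satisfy the request is usable.
    for card in cards:
        if card["issuer"] == policy["issuer"] and \
           set(policy["claims"]) <= set(card["claims"]):
            return card
    return None

def _sign(payload):
    return hmac.new(IP_KEY, payload.encode(), hashlib.sha256).hexdigest()

def ip_issue(policy, user, password):
    # Steps 3-4: the IP authenticates the user, then signs only the
    # claims that were requested (dob is never released here).
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(
            rec["password"].encode(), password.encode()):
        raise PermissionError("authentication to IP failed")
    claims = {k: rec["claims"][k] for k in policy["claims"]}
    payload = json.dumps({"issuer": IP_NAME, "claims": claims}, sort_keys=True)
    return {"payload": payload, "sig": _sign(payload), "display": claims}

def user_review(token):
    # Step 5: claim names the selector would show before release.
    return sorted(token["display"])

def rp_verify(token, policy):
    # Step 6: the RP checks signature, issuer and claim set, then decides.
    if not hmac.compare_digest(_sign(token["payload"]), token["sig"]):
        return False
    body = json.loads(token["payload"])
    return body["issuer"] == policy["issuer"] and \
        set(policy["claims"]) <= set(body["claims"])
```
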