OASIS Mailing List Archives

saml-dev message



Subject: Identity Federation


Hello,

I’ve read the Identity Federation specification at http://www.oasis-open.org/committees/download.php/22553/sstc-saml-tech-overview-2%200-draft-13.pdf (section 2.3, Identity Federation Use Case), but I have some questions about the flow. Could you help me?

 

Is it like this:

 

IdP -> User “john” logs in
IdP -> User “john” is logged

SP -> User “jpf” logs in
SP -> User “jpf” is logged
SP -> knows that the user has already visited the IdP (how does he know that the user has previously visited the IdP?)

SP -> Asks “jpf” to consent identity with IdP

SP -> “jpf” replies yes and is redirected to the IdP

IdP -> Creates a new pseudonym for “john” (how?) (for example, pseudonym is ABC)

IdP -> stores the information that “john” is also “ABC”

IdP -> redirects user to SP and sends an SAML <Assertion> with the pseudonym “ABC”

SP -> receives the <Assertion> and extracts the pseudonym

SP -> stores the information that “jpf” is also “ABC”

 

Is this right? If not, how should it be done?

Thank you

 

Filipa Moura
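
The account-linking flow asked about above, modelled in Python as an added example that is not part of the original message or of the SAML documents. The `IdP` and `SP` classes, their method names and the `example` entity IDs are hypothetical, and the pseudonym is assumed to be a random opaque value scoped to one IdP/SP pair, as with the SAML 2.0 persistent name identifier format.

```python
import secrets

# Added illustration; class and method names are hypothetical. Plain dicts stand
# in for signed SAML assertions, so signature validation is assumed, not shown.
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"


class IdP:
    def __init__(self, entity_id):
        self.entity_id = entity_id
        self._pseudonyms = {}  # (local user, SP entity ID) -> pseudonym

    def federate(self, local_user, sp_entity_id):
        """Issue an assertion-like dict carrying this user's pseudonym for one SP."""
        key = (local_user, sp_entity_id)
        if key not in self._pseudonyms:
            # Random and opaque: says nothing about "john", and a different SP
            # gets a different value, so SPs cannot correlate the user.
            self._pseudonyms[key] = secrets.token_urlsafe(24)
        return {"issuer": self.entity_id, "audience": sp_entity_id,
                "format": PERSISTENT, "name_id": self._pseudonyms[key]}


class SP:
    def __init__(self, entity_id, trusted_idp):
        self.entity_id = entity_id
        self.trusted_idp = trusted_idp
        self._links = {}  # (IdP entity ID, pseudonym) -> local account

    def _key(self, assertion):
        # Accept only assertions from the trusted IdP that are addressed to this SP.
        if assertion["issuer"] != self.trusted_idp:
            raise ValueError("untrusted issuer")
        if assertion["audience"] != self.entity_id:
            raise ValueError("assertion issued for another SP")
        if assertion["format"] != PERSISTENT:
            raise ValueError("not a persistent identifier")
        return (assertion["issuer"], assertion["name_id"])

    def link(self, assertion, local_user, consented):
        """Bind the pseudonym to the locally logged-in account, once, with consent."""
        if not consented:
            raise PermissionError("user did not consent to federation")
        key = self._key(assertion)
        if self._links.setdefault(key, local_user) != local_user:
            raise ValueError("pseudonym already linked to a different account")

    def resolve(self, assertion):
        """Later single sign-on: map the pseudonym back to the local account."""
        return self._links.get(self._key(assertion))
```

Neither side learns the other's account name: the IdP stores only john-to-pseudonym, and the SP stores only pseudonym-to-jpf.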

 


