Changes between Version 8 and Version 9 of RuAaa


Timestamp: Nov 3, 2010, 4:59:19 PM (13 years ago)
Author: tim.bauge
Comment:

--

  • RuAaa

    v8 v9  
    1313* Any STS which has a federation relationship with the issuing STS
    1414
    15 == Authenticating to a REP ==
    16 Authentication to a REP is done by presenting a security token to the REP. This token is provided by the user's home STS, and may need translating at the REP's STS if the two are different (i.e. a user is trying to authenticate to a REP in a different security domain).
     15== Authenticating to a Service Provider ==
     16Authentication to a service provider (e.g. a REP, a Resource Directory, etc) is done by presenting a security token to the service provider. This token is supplied by the user's home STS, and may need translating at the service's STS if the two are different (e.g. a user is trying to authenticate to a REP in a different security domain).
    1717
    18 If the client is a standard web browser (or an application embedding a full web browser capability), acquiring a token and providing it to the REP is handled entirely transparently to the user. The user simply invokes the REP interface with no special precautions, and the AAA infrastructure will handle the security steps in the background. The only explicit user input to the process will be signing in to its STS (the sign-in form will appear automatically in the browser through a redirect). This sign-in is required only once per user session.
     18If the client is a standard web browser (or an application embedding a full web browser capability), acquiring a token and providing it to the service provider is handled entirely transparently to the user. The user simply invokes the service interface with no special precautions, and the AAA infrastructure will handle the security steps in the background. The only explicit user input to the process will be signing in to its STS (the sign-in form will appear automatically in the browser through a redirect). This sign-in is required only once per user session.
    1919
    2020Clients that cannot process redirects or choose to proactively acquire and provide tokens for efficiency can embed tokens in their initial service request. This is an advanced use of the AAA framework and is a developer's concern. A detailed specification for this can be provided to developers upon request.
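
Review bot: New line 16 widens the text from a REP to any service provider (a REP, a Resource Directory, etc), but neither it nor new line 18 says whether the token supplied by the home STS is issued for one named service provider or is accepted by every provider in the domain. Since line 18 keeps "This sign-in is required only once per user session", please state whether each service provider obtains its own token through the background redirect, and whether a provider rejects a token that was issued for a different one. Two smaller wording points: lines 16 and 18 alternate between "service provider", "the service's STS" and "the service interface", so settle on one term; and in line 18 "signing in to its STS" can be read as the service's STS, where "the user's home STS" from line 16 appears to be meant.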