[Figure: authorization architecture. Components: Subject, Subject SOA, Environment, PEP, PDP, CIS, CVS, AR, Target PEP, Target SOA, Attribute Authority, Obligations Service. Step labels 0 and 10 appear in the diagram without text.]
Legend: AR = Attribute Repository; CIS = Credential Issuing Service; CVS = Credential Validation Service; PDP = Policy Decision Point; PEP = Policy Enforcement Point; SOA = Source of Authority.

[Figure: Storage Requirements. IdP 1 stores "UserX, Attr1, RegLoA, PID 1:LS"; IdP 2 stores "UserA, Attr2, RegLoA, PID 2:LS"; the Linking Service stores "UserZ, IdP1:PID 1:LLoA1, IdP2:PID2:LLoA2".]

Linking Table (columns: User, IdP Id, IdP, Link LoA)
  Fred   A=123        Airmiles.com   1
  Fred                Kent.ac.uk     2
  Mary   ABC=456      XYX Co         1
  Fred   uid=123345   Cardbank.com   3

Link Release Policy Table (columns: User ID, SP, IDP; * = any)
  Fred   Books.co.uk     Kent.ac.uk
  Fred   Books.co.uk     Cardbank.com
  Mary   Books.co.uk     XYX Co
  Fred   Cardbank.com    *
  Fred   Compstore.com   Cardbank.com
  Fred   Compstore.com   Airmiles.com
  Fred   *               Kent.ac.uk

[Figure: IdP Direct SP aggregation with IDWSF Id Mapping. Parties: User, SP, IdP(a), LS, IdP(b). Message sequence:]
  1. User Requests Service
  2. <samlp:AuthnRequest>
  3. Authentication
  4. <samlp:Response> (AuthnAssertion, EPR1, Attribute Statement)
  5. IDWSF Identity Mapping Request (EPR1 + Authn Assertion)
  6. IDWSF Identity Mapping Response (EPR2)
  7. IDWSF Identity Mapping Request (EPR2 + AuthnAssertion)
  8. IDWSF Identity Mapping Response
  9. Grant/Deny
  (The <samlp:AttributeQuery> and <samlp:Response> elements are shown in the diagram travelling alongside the identity mapping requests and responses.)

[Figure: break-the-glass access to a Patient Record. Components: PEP, PDP, Obligations Policy, Obligations Service, Audit Trail, Patient Record. Steps:]
  1. (6.) Access patient record
  2. Denied
  3. Break the Glass
  4. Perform obligations
  5. Granted
  7. Retrieve Record
  8. Granted