This page describes a real-world use case of a website that supports (or soon will) three identity protocols. What is written here is one of many possible use-cases (interactions) that Alice could have with this site.

Preconditions

  • Alice already has a multi-protocol browser add-on (aka selector, smart client, etc.)
  • Alice has already configured the add-on with three OpenIDs: Yahoo, PayPal, AOL
  • Alice has no i-cards configured in the add-on
  • Alice wants to log in to the NIH site
  • The site is a SAML, OpenID, and IMI/InfoCard compatible RP

Flow

  1. The user clicks on the sign-in button
    • The add-on reads data that tells it, among other things:
      • That the site is an RP for the OpenID, IMI and SAML protocols (unusually, it does not support username/password!)
      • The list of attributes that the site wishes to receive and, for each attribute, the list of authorities that the RP trusts. In our case the site requests only a non-correlatable identifier (aka an IMI "PPID", aka an OpenID "directed" identity) and trusts only AOL, PayPal and Google to issue this attribute
  2. The add-on displays a dropdown showing two accounts that could be used immediately (because Alice has these accounts and the NIH site accepts these accounts), as well as one account that Alice could potentially use if she signed up with Google to get one (but she doesn't have one at present):
    • AOL
    • PayPal
    • Google
  3. Alice clicks on AOL
  4.  
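
The matching behind steps 1 and 2, as an added example that is not part of the original page. The policy object, the account records and the function name `buildDropdown` are assumptions, since the page does not specify the format of the data the add-on reads; the example also generalizes to several requested attributes by requiring an authority to be trusted for all of them.

```javascript
// Added example. The policy and account shapes are hypothetical, not a real selector API.
const rpPolicy = { // constructed sample of the data the add-on reads from the site
  protocols: ["openid", "imi", "saml"],
  attributes: [
    { name: "non-correlatable-id", trustedAuthorities: ["AOL", "PayPal", "Google"] },
  ],
};

const aliceAccounts = [ // add-on state from the preconditions: three OpenIDs, no i-cards
  { authority: "Yahoo", protocol: "openid" },
  { authority: "PayPal", protocol: "openid" },
  { authority: "AOL", protocol: "openid" },
];

const norm = (s) => String(s).trim().toLowerCase();

function buildDropdown(policy, accounts) {
  const lists = policy.attributes.map((a) => a.trustedAuthorities);
  if (lists.length === 0) return { usable: [], potential: [], notOffered: [] };

  // An authority qualifies only if the RP trusts it for every requested attribute.
  const trusted = lists[0].filter((name) =>
    lists.every((l) => l.some((x) => norm(x) === norm(name))));

  const protocols = new Set(policy.protocols.map(norm));
  // Usable now: Alice holds an account at a trusted authority over a protocol the RP speaks.
  const usable = trusted.filter((name) =>
    accounts.some((acc) =>
      norm(acc.authority) === norm(name) && protocols.has(norm(acc.protocol))));

  // Potential: trusted by the RP, but Alice would have to sign up first.
  const potential = trusted.filter((name) => !usable.includes(name));

  // Configured accounts the RP does not trust are never offered.
  const notOffered = accounts
    .map((acc) => acc.authority)
    .filter((a) => !trusted.some((t) => norm(t) === norm(a)));

  return { usable, potential, notOffered };
}

console.log(buildDropdown(rpPolicy, aliceAccounts));
```

Matching is done on the authority list the site supplies, so Alice's Yahoo OpenID is never offered even though the site speaks OpenID.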