...
| Table of Contents | ||||||||
|---|---|---|---|---|---|---|---|---|
|
Edit History
- PaulT: 10/16/09: Changed preconditions so that Alice is pre-configured with Ohio State IdP and Equifax --now we need to update the mockups to align
Preconditions
- Alice already has a multi-protocol browser add-on (aka selector, smart client, etc.)
- Alice has configured her add-on with:
- OpenIDsOpenID: Yahoo, AOL, Google, Facebook, Janrain
- SAML IdPs: Ohio State
- InfocardsInfocard: Equifax Identity Card, PayPal
- Alice wants to login to the NIH site
- Alice has never been to this site before
- Alice is not logged in to any of her five OpenIDs at the moment
- Alice has not defined a "default" OpenID, SAML or InfoCard
- The site is a SAML, OpenID, and IMI/InfoCard compatible RP
- The site trusts Yahoo, AOL, Google, as well as Equifax, Citigroup, Silicon Wave (?), Acxiom
...
- The user clicks on a "sign in" button on the NIH site
- The addon reads some data that tells it stuff like:
- That the site is an RP for OpenID, IMI and SAML protocols (unusually it does not support username/password!)
- The list of attributes that the site wishes to receive and for each attribute the list of authorities that the RP trusts. In our case the site is going to request only a non-correlateable identifier (aka an IMI "PPID", aka an OpenID "directed" identity) and that it trusts only Yahoo, AOL, Google, as well as Facebook, Equifax, Citigroup, Silicon Wave, Acxiom to issue this attribute
- The add-on displays a login window. It consists of a dropdown showing two
- It prominently shows the following accounts that could be used immediately (because Alice has these accounts and the NIH site accepts these accounts)
- :
- Ohio State
- Yahoo
- Equifax
- AOL
- PayPal
- Its also shows accounts that Alice could
- use if she
- Yahoo AOL
- first registered with these IdPs
- Acxiom
- Wave Systems
- Citigroup
- Alice clicks on Google
- Alice authenticates to Google
- Alice agrees to share Google attributes with NIH
...