us-federations - FedID - Getting an ID from source into a local IdP
Subject: US Federations Discussion
- From: Joseph Giroux
- To: Matt Coombs, David Walker
- Cc: Tim Calhoon
- Subject: FedID - Getting an ID from source into a local IdP
- Date: Mon, 05 Apr 2010 13:06:30 -0700
From a telephone conversation with David Walker (UC-Davis) last Friday
I've sketched out a process flow for issuing a unique statewide ID
number and passing it to a local IdP. However, I have a couple of
questions about how this would work in practice. You'll see a
simplified process flow below and then three questions. I'd appreciate
any help you can provide in either answering the questions or giving me
the name of someone who might be able to answer them. Ideally we'd
like to locate someone who has done this previously.

Thanks for your consideration.

Joseph Giroux
California Community Colleges

Process Flow for updating local IdP with CCCID from central IdP

CCCID is a statewide user id number that is unique and persistent. A Central IdP will have accounts for all statewide users (i.e. all CCCIDs). College IdPs will only contain accounts for college users and may need to store the statewide CCCID for each.

PreCondition: An account for the user has been established at the local college’s IdP but there is currently no associated CCCID.

1. User logs into a college portal using his local college account.
2. User selects a statewide web service link (WS1) that requires a CCCID.
3. WS1 receives User@College and so requests the user’s CCCID from College IdP.
4. College IdP does not find a CCCID for User so invokes local process to obtain a CCCID (GetCCCID).
5. The GetCCCID process calls a central web service (ProvideCCCID) passing some available user id info (Name, Birthdate, Zip, etc) that might be relevant for an ID match or account set up.

(Branch 1)

6. ProvideCCCID assigns a CCCID (and creates an account on the Central IdP). (This is simplified. There will need to be some additional interaction with the User to establish challenge questions or obtain additional information.)
7. ProvideCCCID returns User’s CCCID to GetCCCID.
8. GetCCCID populates the College1 IDP with the User’s CCCID and returns control to the local IdP.
9. Local IdP forwards User’s CCCID to WS1.
10. WS1 authorizes the User session.

Questions

1. How do we make the IdP call GetCCCID when it doesn’t have a requested CCCID?
2. What is the nature of the GetCCCID process? (a web service? a java process within the IdP?)
3. Who has already done something similar to this?
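
The process flow in the message above (steps 4 through 9), simulated in Python as an added example that is not part of the original message or of any IdP product. The class names, the `CCC`-prefixed ID format and the exact-match rule on name, birthdate and ZIP are assumptions made for illustration; only GetCCCID and ProvideCCCID come from the message.

```python
import secrets
import unicodedata


class CentralIdP:
    """Constructed stand-in for the central IdP behind ProvideCCCID."""

    def __init__(self):
        self._by_match_key = {}  # normalized identity tuple -> CCCID

    @staticmethod
    def _match_key(name, birthdate, zip_code):
        # Normalize so the same person enrolling at two colleges matches once:
        # strip accents, collapse whitespace, lowercase, keep 5-digit ZIP.
        ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
        return (" ".join(ascii_name.lower().split()), birthdate, zip_code[:5])

    def provide_cccid(self, name, birthdate, zip_code):
        """Steps 6-7: return the existing CCCID on a match, else assign one."""
        key = self._match_key(name, birthdate, zip_code)
        if key not in self._by_match_key:
            # Hypothetical ID format; random so it reveals nothing about the user.
            self._by_match_key[key] = "CCC" + secrets.token_hex(4).upper()
        return self._by_match_key[key]


class CollegeIdP:
    """Constructed stand-in for a college IdP's attribute store."""

    def __init__(self, central):
        self._central = central
        self._users = {}  # local username -> attribute dict

    def add_user(self, username, name, birthdate, zip_code):
        # Precondition from the message: local account exists, no CCCID yet.
        self._users[username] = {"name": name, "birthdate": birthdate,
                                 "zip": zip_code, "cccid": None}

    def get_cccid(self, username):
        """Steps 4-8 (GetCCCID): call central only when no CCCID is stored."""
        user = self._users[username]
        if user["cccid"] is None:
            user["cccid"] = self._central.provide_cccid(
                user["name"], user["birthdate"], user["zip"])
        return user["cccid"]  # step 9: the value released to WS1
```

Exact matching on three attributes keeps the sketch short; the message itself notes that real enrollment needs additional interaction with the user before an ID is assigned.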