Figure 1: Authorization infrastructure components and message flow (arrows numbered 0 to 14).
Legend: AR = Attribute Repository; CIS = Credential Issuing Service; CVS = Credential Validation Service; PDP = Policy Decision Point; PEP = Policy Enforcement Point; SOA = Source of Authority.
Components shown: Subject SOA (the Attribute Authority) with its AR and CIS; Target SOA with its PDP and CVS; Subject PEP and Target PEP; Environment; Obligations Service.
Figure 2: Linking Service storage requirements (message flow numbered 1 to 7).
IdP 1 stores: UserX, Attr1, RegLoA, PID 1 (the persistent identifier it shares with the LS)
IdP 2 stores: UserA, Attr2, RegLoA, PID 2 (the persistent identifier it shares with the LS)
Linking Service stores: UserZ, IdP1 PID 1 LLoA1, IdP2 PID 2 LLoA2
(RegLoA is the LoA at which the user registered with the IdP; LLoA is the LoA at which the link to that IdP was established.)
Figure 3: Linking Table and Link Release Policy Table held by the Linking Service.

Linking Table
UserID  PId                    IdP           LinkLoA
Fred    A123                   Airmiles.com  1
Fred    EduXu23_at_kent.ac.uk  Kent.ac.uk    2
Mary    ABC456                 XYX Co        1
Fred    uid123345              Cardbank.com  3

Link Release Policy Table
UserID  SP             IdP
Fred    Books.co.uk    Kent.ac.uk
Fred    Books.co.uk    Cardbank.com
Mary    Books.co.uk    XYX Co
Fred    Cardbank.com
Fred    Compstore.com  Cardbank.com
Fred    Compstore.com  Airmiles.com
Fred    Kent.ac.uk
Figure 4: IdP Direct SP aggregation with ID-WSF Identity Mapping. Participants: SP, IdP (a), LS (Linking Service), IdP (b), User.
1. User -> SP: requests service
2. SP -> IdP (a): <samlp:AuthnRequest>
3. IdP (a): authenticates the user
4. IdP (a) -> SP: <samlp:Response> (Authn Assertion, EPR1, Attribute Statement)
5. SP -> LS: ID-WSF Identity Mapping Request (EPR1, Authn Assertion), carried in <samlp:AttributeQuery>
6. LS -> SP: ID-WSF Identity Mapping Response (EPR2), carried in <samlp:Response>
7. SP -> IdP (b): ID-WSF Identity Mapping Request (EPR2, Authn Assertion), carried in <samlp:AttributeQuery>
8. IdP (b) -> SP: ID-WSF Identity Mapping Response, carried in <samlp:Response>
9. SP: Grant/Deny
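The following is an added example, not code from the original slides or from the Linking Service described there. It models the identity-mapping step of figure 4 (steps 5 and 6) against the Linking Table and Link Release Policy Table of figure 3, and then the SP-side aggregation of attribute statements (steps 4 to 8). The EPR structure, the function names, the minimum-LoA rule and the attribute statements are assumptions made for illustration; the table contents are those of figure 3.

```python
"""Added example (not from the original slides): a toy Linking Service that
answers identity-mapping requests from the Linking Table and Link Release
Policy Table of figure 3, and an SP that aggregates the results (figure 4).
EPR layout, function names and the LoA rule are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Linking Table (figure 3): UserID, PId, IdP, LinkLoA
LINKING_TABLE: List[Tuple[str, str, str, int]] = [
    ("Fred", "A123", "Airmiles.com", 1),
    ("Fred", "EduXu23_at_kent.ac.uk", "Kent.ac.uk", 2),
    ("Mary", "ABC456", "XYX Co", 1),
    ("Fred", "uid123345", "Cardbank.com", 3),
]

# Link Release Policy Table (figure 3): UserID, SP, IdP. A row names an IdP
# whose link the user allows the LS to release to that SP. Rows without an
# IdP (Fred at Cardbank.com, Fred at Kent.ac.uk) release nothing to that SP.
RELEASE_POLICY: List[Tuple[str, str, Optional[str]]] = [
    ("Fred", "Books.co.uk", "Kent.ac.uk"),
    ("Fred", "Books.co.uk", "Cardbank.com"),
    ("Mary", "Books.co.uk", "XYX Co"),
    ("Fred", "Cardbank.com", None),
    ("Fred", "Compstore.com", "Cardbank.com"),
    ("Fred", "Compstore.com", "Airmiles.com"),
    ("Fred", "Kent.ac.uk", None),
]


@dataclass(frozen=True)
class EPR:
    """Endpoint reference naming one user at one IdP (shape is an assumption)."""
    idp: str
    pid: str


def resolve_user(epr: EPR) -> Optional[Tuple[str, int]]:
    """Find the LS-side user and LinkLoA behind the EPR an IdP asserted."""
    for user, pid, idp, loa in LINKING_TABLE:
        if idp == epr.idp and pid == epr.pid:
            return user, loa
    return None


def identity_mapping(epr: EPR, sp: str, min_loa: int = 1) -> List[EPR]:
    """Steps 5-6: map EPR1 (from IdP a) to EPRs at the user's other IdPs that
    (1) the release policy permits for this SP and (2) were linked at or
    above min_loa. Assumption: the asserting IdP's own link must also meet
    min_loa, otherwise a weakly linked account could unlock stronger ones."""
    found = resolve_user(epr)
    if found is None:
        return []
    user, link_loa = found
    if link_loa < min_loa:
        return []
    allowed = {idp for u, s, idp in RELEASE_POLICY
               if u == user and s == sp and idp is not None}
    return [EPR(idp, pid) for u, pid, idp, loa in LINKING_TABLE
            if u == user and idp != epr.idp and idp in allowed and loa >= min_loa]


def aggregate(sp: str, first: EPR, attributes: Dict[EPR, Dict[str, str]],
              min_loa: int = 1) -> Dict[str, str]:
    """Steps 4-8 from the SP's side: merge the attribute statement returned
    by IdP (a) with those fetched from every IdP the LS mapped to. The
    `attributes` dict stands in for the <samlp:AttributeQuery>/<samlp:Response>
    round trips of steps 7-8 (constructed data)."""
    merged = dict(attributes.get(first, {}))
    for epr in identity_mapping(first, sp, min_loa):
        merged.update(attributes.get(epr, {}))
    return merged


if __name__ == "__main__":
    # Constructed attribute statements the IdPs would return.
    attrs = {
        EPR("Kent.ac.uk", "EduXu23_at_kent.ac.uk"): {"affiliation": "student"},
        EPR("Cardbank.com", "uid123345"): {"credit_ok": "true"},
        EPR("Airmiles.com", "A123"): {"tier": "gold"},
    }
    fred_at_kent = EPR("Kent.ac.uk", "EduXu23_at_kent.ac.uk")
    print(identity_mapping(fred_at_kent, "Books.co.uk"))
    print(identity_mapping(fred_at_kent, "Cardbank.com"))   # policy releases nothing
    print(aggregate("Books.co.uk", fred_at_kent, attrs))
```

The release policy is keyed on the requesting SP, so the same authentication at Kent.ac.uk yields a Cardbank.com mapping for Books.co.uk but nothing at all for Cardbank.com acting as SP. Raising `min_loa` filters both the asserted link and the mapped links, which is the check a practitioner wants so that a LoA 1 link cannot be used to reach a LoA 3 account.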
Figure 5: Break the Glass. Participants: User, PEP, PDP, Obligations Service, Audit Trail, Patient Record.
1. User -> PEP: Access patient record
2. PDP -> PEP: Denied
3. User -> PEP/PDP: Break the Glass
4. PDP -> Obligations Service: Perform obligations (recorded in the Audit Trail)
5. PDP -> PEP: Granted
6. User -> PEP: Access patient record (repeat of step 1)
7. PEP -> Patient Record: Retrieve Record
8. PEP -> User: Granted
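The following is an added example, not code from the original slides or from any PERMIS component. It runs the break-the-glass sequence of figure 5 end to end: the first read is denied, breaking the glass triggers obligations that must complete before the grant is recorded, and the repeated read is then served. The access rule (only the treating clinician reads a record without breaking the glass), the obligation types (an audit entry and a notification) and the record contents are assumptions made for illustration.

```python
"""Added example (not from the original slides): a minimal PEP/PDP/Obligations
Service exchange for the break-the-glass sequence of figure 5. The policy
rule, obligation types and audit record layout are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Request:
    subject: str
    role: str
    action: str      # "read" or "break_glass"
    resource: str


class ObligationsService:
    """Step 4: performs the obligations attached to a grant and keeps the
    audit trail. Unknown obligation types fail closed."""
    def __init__(self) -> None:
        self.audit_trail: List[Dict[str, str]] = []
        self.notifications: List[Tuple[str, str]] = []

    def perform(self, obligations: List[Dict[str, str]]) -> bool:
        for ob in obligations:
            if ob["type"] == "audit":
                self.audit_trail.append(ob)
            elif ob["type"] == "notify":
                self.notifications.append((ob["to"], ob["about"]))
            else:
                return False   # cannot discharge it, so the grant must not happen
        return True


class PDP:
    """Normal rule (assumed): only the treating clinician may read a record.
    Break-the-glass: any clinician may, once the obligations have been done."""
    def __init__(self, treating: Dict[str, str], obs: ObligationsService) -> None:
        self.treating = treating      # resource -> treating clinician
        self.obs = obs
        self.btg_active: Set[Tuple[str, str]] = set()   # (subject, resource)

    def evaluate(self, req: Request) -> bool:
        if req.role != "clinician":
            return False
        if req.action == "read":
            return (self.treating.get(req.resource) == req.subject
                    or (req.subject, req.resource) in self.btg_active)
        if req.action == "break_glass":
            if self.treating.get(req.resource) == req.subject:
                return True       # already permitted, nothing to break
            obligations = [
                {"type": "audit", "event": "break_glass",
                 "subject": req.subject, "resource": req.resource},
                {"type": "notify",
                 "to": self.treating.get(req.resource, "privacy-officer"),
                 "about": req.resource},
            ]
            if not self.obs.perform(obligations):   # step 4 precedes step 5
                return False
            self.btg_active.add((req.subject, req.resource))
            return True
        return False


class PEP:
    def __init__(self, pdp: PDP, records: Dict[str, str]) -> None:
        self.pdp = pdp
        self.records = records

    def read(self, subject: str, role: str, resource: str) -> Optional[str]:
        """Steps 1/6: returns the record on grant (steps 7-8), None on deny (step 2)."""
        if not self.pdp.evaluate(Request(subject, role, "read", resource)):
            return None
        return self.records.get(resource)

    def break_glass(self, subject: str, role: str, resource: str) -> bool:
        """Step 3: True when the PDP granted after the obligations ran (step 5)."""
        return self.pdp.evaluate(Request(subject, role, "break_glass", resource))


def btg_scenario() -> Tuple[Optional[str], bool, Optional[str], int, List[Tuple[str, str]]]:
    """Runs figure 5 with constructed data; returns (first read, break-glass
    result, second read, audit entries, notifications)."""
    obs = ObligationsService()
    pdp = PDP({"rec-1": "dr_smith"}, obs)
    pep = PEP(pdp, {"rec-1": "patient P: allergy penicillin"})
    first = pep.read("dr_jones", "clinician", "rec-1")        # steps 1-2: denied
    broke = pep.break_glass("dr_jones", "clinician", "rec-1")  # steps 3-5
    second = pep.read("dr_jones", "clinician", "rec-1")       # steps 6-8
    return first, broke, second, len(obs.audit_trail), obs.notifications


if __name__ == "__main__":
    print(btg_scenario())
```

The point of ordering the calls this way is that the grant in step 5 is conditional on step 4: if the Obligations Service cannot write the audit entry or send the notification, the PDP never records the broken glass and the repeated read in step 6 is still denied.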