
Contributors: 

Arnie Miles, Vince Timbers, Tim McGraw, Michael Morris

The Story:

Integration Strategy 1

Integration Strategy 1 uses only AdmitMe accounts. This strategy is for participants who have no desire to maintain local credential registries for authentication and will instead rely on AdmitMe to handle their authentication requirements. Participants will still maintain an Identity Provider, but this IdP will contain the locally useful 'enriched' attributes about a user that their business model requires.

This scenario describes the process that occurs at authentication time. Other flows, such as the aggregation of attributes about a principal from all participants in the AdmitMe ecosystem at the end stage of the application process, are out of scope for this document.

AdmitMe Account Creation at Participant site

Annie Applicant wants to use an application service. The application service requires an AdmitMe account for authentication. She has never created an AdmitMe account anywhere else. She may or may not have local participant accounts elsewhere. She is given the option of logging in with her AdmitMe credentials or creating AdmitMe credentials. Since she does not believe she has AdmitMe credentials, she chooses to create an AdmitMe account, and clicks on the "new account" button. She is redirected to the AdmitMe IdP to create her account. She provides her name and other optional attributes about herself, and AdmitMe sends back an assertion that includes the attributes she has already provided as well as her unique identifier. At the application service she enters additional information about herself to be stored at the participant's IdP.

First Login to Participant site after Account Creation

Annie Applicant wants to use an application service. The application service requires an AdmitMe account for authentication. Annie recognizes that she has an AdmitMe account and clicks on the log in button. She is directed back to the AdmitMe IdP to authenticate. After successfully authenticating, AdmitMe sends back an assertion describing the authentication, the verification level associated with her account, her AdmitMe identifier, and optionally a set of attributes. The application service creates a local representation of Annie, keyed by her AdmitMe identifier, which is used to store additional local data about her.

AdmitMe Login to Participant site

Annie Applicant wants to use an application service. The application service requires an AdmitMe account for authentication. Annie recognizes that she has an AdmitMe account and clicks on the log in button. She is directed back to the AdmitMe IdP to authenticate. After successfully authenticating, AdmitMe sends back an assertion describing the authentication, the verification level associated with her account, her AdmitMe identifier, and optionally a set of attributes. The application service loads a local representation of Annie keyed by her AdmitMe identifier.
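The first-login and later-login flows above differ only in whether the application service creates or loads the local representation. The following sketch is an added example, not part of the AdmitMe design: it shows that create-or-load step at the participant, keyed only by the AdmitMe identifier. The class names, field names, identifier strings and verification-level values are assumptions, and the assertion is assumed to have already been validated by the participant's federation software.

```python
from dataclasses import dataclass, field


@dataclass
class Assertion:
    """Contents of an assertion that has already been validated (assumed field names)."""
    admitme_id: str
    verification_level: str
    attributes: dict = field(default_factory=dict)  # optional per the flow


@dataclass
class LocalRecord:
    admitme_id: str
    verification_level: str
    asserted_attributes: dict = field(default_factory=dict)
    local_data: dict = field(default_factory=dict)  # participant's own enriched data


class ParticipantStore:
    def __init__(self):
        self._records = {}

    def on_login(self, assertion):
        """Create the record on first login, load it afterwards. Returns (record, created)."""
        if not assertion.admitme_id:
            raise ValueError("assertion has no AdmitMe identifier")
        # The identifier is the only lookup key; name and other attributes
        # are optional and user-supplied, so they never select a record.
        record = self._records.get(assertion.admitme_id)
        created = record is None
        if created:
            record = LocalRecord(assertion.admitme_id, assertion.verification_level)
            self._records[assertion.admitme_id] = record
        # Refresh what AdmitMe asserted this time; local_data is left alone.
        record.verification_level = assertion.verification_level
        record.asserted_attributes.update(assertion.attributes)
        return record, created


def demo():
    """Constructed sample logins; identifiers and levels are made up."""
    store = ParticipantStore()
    first, created_first = store.on_login(
        Assertion("admitme-0001", "basic", {"name": "Annie Applicant"}))
    first.local_data["program"] = "Biology"
    again, created_again = store.on_login(Assertion("admitme-0001", "verified"))
    other, created_other = store.on_login(
        Assertion("admitme-0002", "basic", {"name": "Annie Applicant"}))
    return first, created_first, again, created_again, other, created_other
```

In `demo()`, the second login with the same identifier returns the existing record with its local data intact, while a different identifier carrying the same name gets its own empty record.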

Diagram depicting the combined registration flows described:
