Contributors:
Arnie Miles, Vince Timbers, Tim McGraw, Michael Morris
The Story:
Integration Strategy 1
Integration Strategy 1 only uses AdmitMe accounts. This strategy is for those participants who have no desire to maintain local credential registries for authentication, and will instead rely on AdmitMe to handle their authentication requirements. Participants will still maintain and Identity Provider, but this IdP will contain the locally useful 'enriched' attributes about a user that their business model requires.
Successful AdmitMe Account Creation at Participant site
Annie Applicant wants to use an application service. The application service requires an AdmitMe account for authentication. She has never created an AdmitMe account anywhere else. She may or may not have local participant accounts elsewhere. She is given the option of logging in with her AdmitMe credentials or creating AdmitMe credentials. Since she does not believe she has AdmitMe credentials, she chooses to create an AdmitMe account, and clicks on the "new account" button. She is redirected to the AdmitMe IdP to create her account. She provides her name and other optional attributes about herself, and AdmitMe sends back an assertion that includes the attributes she has already provided as well as her unique identifier. At the application service she enters additional information about herself to be stored at the participant's IdP.
Failed AdmitMe Account Creation at Participant site because Applicant forgot about existing account.
Annie Applicant wants to use an application service. The application service requires an AdmitMe account for authentication. She has created an AdmitMe account, but has forgotten it exists. She may or may not have local participant accounts elsewhere. She is given the option of logging in with her AdmitMe credentials or creating AdmitMe credentials. Since she does not believe she has AdmitMe credentials, she chooses to create an AdmitMe account, and clicks on the "new account" button. She is redirected to the AdmitMe IdP to create her account. She provides her name and other optional attributes about herself, and AdmitMe sends back a list of potential accounts that might be her. If she recognizes one of the accounts, she logs in using that account and continues to the application service.
First Login to Participant site after Account Creation
Annie Applicant wants to use an application service. The application service requires an AdmitMe account for authentication. Annie recognizes that she has an AdmitMe account, and clicks on log in button. She's directed back to the AdmitMe IdP to authenticate. After successfully authenticating, AdmitMe sends back an assertion describing the authentication, the verification level associated with her account, her AdmitMe identifier, and optionally a set of attributes. The application service creates a local representation of Annie keyed by her AdmitMe identifier which is used to store additional local data about her.
AdmitMe Login to Participant site
Annie Applicant wants to use an application service. The application service requires an AdmitMe account for authentication. Annie recognizes that she has an AdmitMe account, and clicks on log in button. She's directed back to the AdmitMe IdP to authenticate. After successfully authenticating, AdmitMe sends back an assertion describing the authentication, the verification level associated with her account, her AdmitMe identifier, and optionally a set of attributes. The application service loads a local representation of Annie keyed by her AdmitMe identifier.
