Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch

20Nov/052

Demonstration of Identity Web Services

Following on from my recent posting of a Federation Manager demo showing Liberty ID-FF federated single sign-on, here is a demo of Access Manager and Federation Manager I showed at a Liberty 'eGovernment Forum' in Dublin back in April.

This demo shows an employee of the 'Department of Health and Children' logging into the department's portal, visiting another government department, the 'Stationery Office', to obtain an official report, and having the Stationery Office query their 'home' department for a mailing address via the Liberty Identity Web Services Framework (ID-WSF).

This is a very simple demo, but it demonstrates some key aspects of Liberty ID-WSF:

  • 'Bootstrap' from federated web single sign-on (ID-FF) to web services (ID-WSF).
  • Use of the Discovery Service to locate a web service for a given user. (This takes place 'under the covers' - the bootstrap provides the service provider, in this example the Stationery Office, with the location of the Discovery Service and a credential to use on behalf of the employee. The service provider queries the Discovery Service for the location of the Personal Profile service).
  • Use of the Personal Profile Service to retrieve a user's profile attributes.
  • Use of the RedirectRequest protocol (specified in the Liberty ID-WSF Interaction Service Specification) to allow the employee's 'home' department to prompt for confirmation that address information is to be released to the Stationery Office.

Just click the screenshot below to view the demo...


Click to view Flash presentation

UPDATED 11/21/2005 - corrected Interaction Service to RedirectRequest protocol - see comments

Filed under: Identity Leave a comment
Comments (2) Trackbacks (0)
  1. Hi pat, very nice. One small clarification though. On the page where the user is interacted with, the text bubble implies that it is through the Interaction Service that the user gets sent to the DoHC when it would actually be the RedirectRequest protocol.

  2. Hi Paul,

    You’re correct, of course. It is the RedirectRequest protocol (specified in the Interaction Service Specification) that sends the user to the DoHC. I’ve fixed the text of the blog entry and the preso itself to make this clear.

    Thanks for the catch!

    Pat


Leave a comment

No trackbacks yet.