...

Uml sequence
title SSO User workflow
participant MoH
participant User
participant IL
participant Some management application as MA
opt If the user isn't already registered
	MoH->MoH: [1] Determines that the user should\nhave access to manage a registry
	MoH->IL: [2] Registers the user with the IL via the web UI
	IL->User: [3] Send an email allowing them to complete registration and set a password
end
User->MA: [4] User visits the management application to login
MA->User: [5] The application redirects the user to the IL to login
User->IL: [6] The user logs in using the IL
IL->User: [7] The IL redirects the user back to the management application with a claimed identity
User->MA: [8] The user accesses the management application using the claimed identity

Open Questions

  • Do the management applications control their own user authorisation lists or should this be something that the IL does?

...

| Ref | Interaction | Endpoint | Data | Transaction Specification |
|-----|-------------|----------|------|---------------------------|
| 1 | Determines that the user should have access to manage a registry | | policy | |
| 2 | Registers the user with the IL via the web UI | | The user's details (email, name, department, job title) | Via the Web UI |
| 3 | Send an email allowing them to complete registration and set a password | | A registration link | email |
| 4 | User visits the management application to login | | | OpenID authentication request |
| 5 | The application redirects the user to the IL to login | | | OpenID authentication request |
| 6 | The user logs in using the IL | | | OpenID authentication response |
| 7 | The IL redirects the user back to the management application with a claimed identity | | | OpenID authentication response |
| 8 | The user accesses the management application using the claimed identity | | | OpenID |
| 9 | | | | |
| 10 | | | | verifying assertions |
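
The assertion check named in row 10, applied to the response from steps 7 and 8, as an added example that is not part of the original page or the project's code. It assumes OpenID 2.0 positive assertions signed with an HMAC-SHA256 association key shared between the management application and the IL; the key, URLs, identity and helper names are constructed for illustration.

```python
import base64, hashlib, hmac, time
from datetime import datetime, timezone

# Assumption: OpenID 2.0 with an HMAC-SHA256 association (not stated on the page).
NS = "http://specs.openid.net/auth/2.0"
# Fields the MA refuses to trust unless they are covered by the signature.
MUST_SIGN = {"op_endpoint", "return_to", "response_nonce", "assoc_handle", "claimed_id"}

def sign(fields, signed, mac_key):
    """HMAC-SHA256 over the signed fields in key-value form ("key:value\\n")."""
    base = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    mac = hmac.new(mac_key, base.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def verify_assertion(fields, il_endpoint, return_to, mac_key, seen_nonces,
                     now=None, max_age=300):
    """Return the claimed identity from a valid positive assertion, else raise ValueError."""
    if fields.get("openid.ns") != NS or fields.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    signed = fields.get("openid.signed", "").split(",")
    if not MUST_SIGN <= set(signed) or any("openid." + k not in fields for k in signed):
        raise ValueError("required field missing or unsigned")
    sig = fields.get("openid.sig", "")
    if not hmac.compare_digest(sign(fields, signed, mac_key).encode(), sig.encode()):
        raise ValueError("bad signature")
    if fields["openid.op_endpoint"] != il_endpoint:
        raise ValueError("not issued by the IL")
    if fields["openid.return_to"] != return_to:  # exact match: a simplification
        raise ValueError("return_to mismatch")
    nonce = fields["openid.response_nonce"]  # starts with a UTC timestamp
    issued = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    now = time.time() if now is None else now
    if abs(now - issued.timestamp()) > max_age or nonce in seen_nonces:
        raise ValueError("stale or replayed nonce")
    seen_nonces.add(nonce)
    return fields["openid.claimed_id"]

# Constructed sample data: key, URLs and identity are placeholders.
KEY = b"constructed-association-mac-key!"
IL, MA = "https://il.example/openid", "https://ma.example/return"
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc).timestamp()

def sample_assertion():
    f = {"openid.ns": NS, "openid.mode": "id_res", "openid.op_endpoint": IL,
         "openid.return_to": MA, "openid.assoc_handle": "h1",
         "openid.response_nonce": "2024-01-01T12:00:00Zabc123",
         "openid.claimed_id": "https://il.example/users/alice"}
    f["openid.signed"] = "op_endpoint,return_to,response_nonce,assoc_handle,claimed_id"
    f["openid.sig"] = sign(f, f["openid.signed"].split(","), KEY)
    return f
```

The returned claimed identity only says who the user is; whether that user may manage a given registry is the authorisation question left open above.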