Sun OpenSSO Enterprise 8.0 Deployment Planning Guide

Analyzing the Deployment

Secure Attributes Exchange uses the SAMLv2 protocol to transfer identity data between the communicating entities. Its client APIs, available in both Java and .NET, run inside the application rather than in the OpenSSO Enterprise instance, so existing applications can handle the SAMLv2 interactions themselves without depending on a local OpenSSO Enterprise deployment.

The following figure illustrates the deployment architecture for Secure Attributes Exchange.

Figure 6–3 Deployment Architecture for Secure Attributes Exchange

Identity Provider and Service Provider communicate through SAMLv2 and Single Sign-On protocols.

Figure 6–4 and Figure 6–5 illustrate the process flow in a typical Secure Attributes Exchange interaction. In this example, each bank employee has a user account in the bank's employee identity system. Employees routinely access an internal application, the Cheque Validation application, that validates bank customers' personal checks, and they must authenticate before they can use it. Validating a check involves retrieving the check image, which is stored and processed by the Cheque Image application hosted by a business partner at a remote site. The local Cheque Validation application must therefore supply the employee's identity and attribute data and pass it to the remote Cheque Image application in a way that the partner can verify has not been tampered with, replayed, or sent by an unauthorized party.
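The exchange described above, as an added example that is not part of this guide and is not the OpenSSO Secure Attributes Exchange client API: a self-contained Python stand-in for the two halves of the flow. The local Cheque Validation side packages the employee's attributes, binds them to an issue time and a one-time nonce, and authenticates them with a secret shared with the partner (the shared-secret trust model; a signing key pair would replace the HMAC in a PKI deployment). The remote Cheque Image side verifies the authenticator before parsing anything, then rejects stale or replayed data. The attribute names, secret, timestamps, and 300-second acceptance window are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed shared secret for this example. In practice each local/remote
# application pair is provisioned with its own secret (or a signing key pair).
SHARED_SECRET = b"example-shared-secret-for-cheque-image-partner"
MAX_AGE_SECONDS = 300          # how long the remote side accepts an assertion
CLOCK_SKEW_SECONDS = 60        # tolerance for the partner's clock running ahead


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_attrs(attrs, secret, now=None):
    """Local side (Cheque Validation): bind the user's attributes to an issue
    time and a one-time nonce, then MAC the canonical encoding with the
    shared secret. Returns the string the local app sends to the partner."""
    payload = dict(attrs)
    payload["iat"] = int(time.time() if now is None else now)
    payload["nonce"] = secrets.token_hex(16)
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(secret, body, hashlib.sha256).digest()
    return _b64url(body) + "." + _b64url(mac)


def verify_attrs(token, secret, seen_nonces, now=None,
                 max_age=MAX_AGE_SECONDS):
    """Remote side (Cheque Image): verify the MAC before trusting anything in
    the payload, then enforce freshness and single use. Raises ValueError on
    any failure; returns the trusted attributes otherwise."""
    try:
        body_b64, mac_b64 = token.split(".", 1)
        body = _b64url_decode(body_b64)
        mac = _b64url_decode(mac_b64)
    except (ValueError, TypeError):
        raise ValueError("malformed token")
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC mismatch: tampered token or wrong partner secret")
    payload = json.loads(body)
    current = time.time() if now is None else now
    issued = payload.pop("iat")
    if issued > current + CLOCK_SKEW_SECONDS or current - issued > max_age:
        raise ValueError("token expired or issued in the future")
    nonce = payload.pop("nonce")
    if nonce in seen_nonces:
        raise ValueError("replayed token")
    seen_nonces.add(nonce)
    return payload


def forge_userid(token, new_userid):
    """Attacker helper: rewrite the userid in the payload but keep the old MAC,
    to show that the remote side detects modification in transit."""
    body_b64, mac_b64 = token.split(".", 1)
    payload = json.loads(_b64url_decode(body_b64))
    payload["userid"] = new_userid
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return _b64url(body) + "." + mac_b64


def run_scenario():
    """Walk through the bank flow and report which checks held."""
    seen = set()                      # nonce cache kept by the remote side
    attrs = {"userid": "jdoe", "role": "teller", "branch": "0042"}
    token = encode_attrs(attrs, SHARED_SECRET, now=1_700_000_000)
    results = {}
    results["accepted"] = verify_attrs(token, SHARED_SECRET, seen,
                                       now=1_700_000_010) == attrs
    for name, tok, secret, t in [
        ("replay", token, SHARED_SECRET, 1_700_000_020),
        ("forged", forge_userid(token, "admin"), SHARED_SECRET, 1_700_000_010),
        ("wrong_secret", token, b"not-the-partner-secret", 1_700_000_010),
        ("expired", encode_attrs(attrs, SHARED_SECRET, now=1_700_000_000),
         SHARED_SECRET, 1_700_000_000 + MAX_AGE_SECONDS + 1),
    ]:
        try:
            verify_attrs(tok, secret, seen, now=t)
            results[name + "_rejected"] = False
        except ValueError:
            results[name + "_rejected"] = True
    return results


if __name__ == "__main__":
    for check, ok in run_scenario().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

The order of checks in `verify_attrs` is deliberate: the MAC is compared with a constant-time comparison before the payload is parsed, so an attacker who controls the token cannot influence anything until it is known to come from the partner, and the nonce cache is only updated after every other check passes, so a rejected token does not consume a nonce.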

Figure 6–4 Process Flow for Secure Attributes Exchange (Continued on next page)

Figure 6–5 Process Flow for Secure Attributes Exchange (Continued)