To access an identity service, an entity must interact with a discovery service to locate the appropriate identity service as well as the specific identity service instance that exposes the resource. The Liberty ID-WSF Security Mechanisms Specification describes mechanisms (providing authentication, signing and encryption operations) that can be used to ensure the integrity and confidentiality of the authorization messages exchanged when evaluating the entity's authorization to access the discovery service and identity service instance. These mechanisms consider:
Authentication of the sender.
Proxy rights for a third party to make a request as identity services may be accessed directly or through the assistance of an intermediary.
Authentication of the response.
Authentication context and session status of the interacting entity.
Authorization of invocation identity to access service or resource.
For more information, see the Liberty ID-WSF Security Mechanisms Specification.