This diagram shows the identity propagation over HTTP. The text preceding this figure describes the flow.

In the graphic, there are three areas. On the left, there is a computer accessing a client application in Domain 1. In the middle is a box that represents Domain 1. On the right side, there is another box that represents Domain 2.

Domain 1 contains two small boxes labeled Client Application and OPSS Trust Service. There is a small arrow that connects the Client Application box and the OPSS Trust Service box (1), and another arrow from the Trust Service to the Client Application (2).

In Domain 2, there are three small boxes labeled Identity Asserter, Servlet Application, and OPSS Trust Service. There is an arrow connecting the Client Application box in Domain 1 (3) to the Identity Asserter box in Domain 2, which connects to the OPSS Trust Service box (4) and the Servlet Application box (6). The OPSS Trust Service also connects back to the Identity Asserter (5). There is an arrow connecting the Servlet Application box in Domain 2 to the Client Application box in Domain 1 (7).

There is a double-sided arrow that connects Domain 1 to the Keystore box; similarly a double-sided arrow from Domain 2 to its Keystore box.