These components work with the SSO AuthN and Attribute Resolver services to provide standards-based mechanisms for interfacing applications with institutional SSO. Vended applications and cloud providers that support either the SAML or OAuth protocol can be interfaced with institutional SSO and can receive user attributes through the SAML and OAuth IdP components.

Relying Party Data (aka Metadata)

The Relying Party Data component keeps track of the relationship between authentication services and service providers. This component tracks metadata about each service provider including the security components to validate the service provider and the attribute release policies that determine which attributes should be provided to each service provider. Relying Party Data represents an agreement between the institution and a service provider (or federation of service providers) about the strength at which users should be authenticated and the data about users that should be released from the institution to the service provider.

Consent Service

The Consent Service component engages the user in the attribute release process by providing a mechanism to prompt the user for a decision about whether or not it is appropriate to release a particular data element to a requesting application. Where the Relying Party Data above represents an agreement between the institution and a service provider, the Consent Service engages the user in the transaction.

For example, a user authenticating to a cloud service that requires release of 'email address' from the institution can be prompted whether or not they choose to release their email address to the application, or can be made aware that this data is being released. The Consent Service can provide an audit trail to meet record-keeping requirements around management of 'opt-in' and 'opt-out' data release policies.

As privacy regulations mature and application integration becomes increasingly distributed, user consent is expected to become an increasingly important component.

Attribute Resolver

The Attribute Resolver component translates between the internal data structures in the TIER architecture and the attributes that are delivered to service providers. The attribute resolver maps specific internal data constructs to normalized attributes so that service providers do not need to be aware of the inner workings of the TIER architecture to consume attribute information about users that are accessing their services.
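As an added illustration (not part of the original page or of the TIER project's own code), the following Python sketch models how the three components described above fit together: the Attribute Resolver maps a constructed internal user record to normalized attribute names, the Relying Party Data entry supplies the required authentication strength and the per-service-provider release policy, and the Consent Service gates each attribute and records an audit trail. The record layout, the entity ID, the strength levels and all function names are assumptions for this example.

```python
from dataclasses import dataclass

# Constructed sample of an internal user record (not TIER's real schema).
# Note that "ssn" exists internally but is never exposed by the resolver.
INTERNAL_USER = {"uid": "jdoe", "mail": "jdoe@example.edu",
                 "affiliations": ["student"], "ssn": "000-00-0000"}

# Attribute Resolver: internal data constructs -> normalized attribute names.
RESOLVER_MAP = {
    "uid": lambda rec: rec["uid"],
    "mail": lambda rec: rec["mail"],
    "eduPersonAffiliation": lambda rec: list(rec["affiliations"]),
}


@dataclass
class RelyingParty:
    """One Relying Party Data (metadata) entry for a service provider."""
    entity_id: str
    required_auth_strength: int   # assumed scale: 1 = password, 2 = MFA
    released_attributes: set      # attribute release policy for this SP
    consent_mode: str             # "opt-in", "opt-out" or "notify"


def resolve_attributes(record, resolver_map=RESOLVER_MAP):
    """Attribute Resolver: only mapped attributes leave the institution."""
    return {name: fn(record) for name, fn in resolver_map.items()}


def release(rp, record, session_auth_strength, consent_decisions, audit):
    """Return the attributes released to rp; append one audit row per attribute.

    consent_decisions maps attribute name -> True/False as chosen by the user;
    a missing entry means the user has not decided."""
    if session_auth_strength < rp.required_auth_strength:
        raise PermissionError("authentication strength below RP requirement")
    resolved = resolve_attributes(record)
    released = {}
    for name in sorted(rp.released_attributes):
        if name not in resolved:
            continue  # policy names an attribute the resolver does not expose
        decision = consent_decisions.get(name)
        if rp.consent_mode == "opt-in":
            allowed = decision is True          # silence means no release
        elif rp.consent_mode == "opt-out":
            allowed = decision is not False     # silence means release
        else:
            allowed = True                      # notify-only: always release
        audit.append((rp.entity_id, name, rp.consent_mode, decision, allowed))
        if allowed:
            released[name] = resolved[name]
    return released
```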