Data Retrieval Example


A. User initiates data request by contacting the AAA server

If the user is requesting privacy, they must establish a trusted channel with the AAA server.

B. AAA server authenticates user and returns authorization token

The token contains the policy or permission description that allows access to the necessary data.

C. User presents token to data source 1 with request for data

Data source 1 must trust the AAA server to assign the permissions granted in the token.

E. User presents token to data source 2 with request for data

Data source 2 must trust the AAA server to assign the permissions granted in the token. Identity is meaningless in the foreign organisation (except perhaps for auditing).
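
The flow above as an added example (not part of the original page): the AAA server issues a token that carries permissions, and each data source decides from the token alone. The HMAC key shared between the AAA server and the data sources, the token layout, the expiry field, the opaque audit reference and all names are assumptions; across organisations a public-key signature would let data sources verify tokens without holding the signing key.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumptions (not from the page): an HMAC key shared by the AAA server and
# both data sources, a JSON token layout, an expiry field, all names below.
AAA_KEY = b"constructed-demo-key"
USERS = {"alice": ("s3cret", ["source1:weather", "source2:traffic"])}  # constructed


def aaa_issue_token(user, password, now=None, ttl=300):
    """Step B: authenticate the user, return a token carrying permissions."""
    record = USERS.get(user)
    if record is None or not hmac.compare_digest(record[0].encode(), password.encode()):
        return None
    now = time.time() if now is None else now
    # audit_ref is an opaque id; the AAA server would log which user it maps to.
    claims = {"permits": record[1], "exp": now + ttl,
              "audit_ref": secrets.token_hex(8)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(AAA_KEY, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + tag).decode()


def data_source_request(source, dataset, token, now=None):
    """Steps C and E: a data source decides from the token alone."""
    try:
        body, tag = token.encode().split(b".")
    except (AttributeError, ValueError):
        return "denied: malformed token"
    expected = hmac.new(AAA_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return "denied: token not issued by the trusted AAA server"
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    if now > claims["exp"]:
        return "denied: token expired"
    if f"{source}:{dataset}" not in claims["permits"]:
        return "denied: not permitted by token"
    # The user's identity is never consulted; audit_ref is only for the log.
    return f"data from {source}/{dataset} (audit {claims['audit_ref']})"
```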