White Paper
 
Simplified sequence flow
A The customer is browsing the merchant site and initiates a purchase of some item
using their wireless handset. Most wireless operators will handle this request through
a gateway, though this is not required. The Liberty-conformant Nokia WAP Gateway
adds LECP (Liberty Enabled Client Profile), optimizes the wireless protocols, handles
white/black lists and provides other necessary support features. At this point the
merchant site may create a browsing session for the user, but the user is not yet
authenticated.
B The merchant, who needs to authenticate the customer, can request authentication
via the Sun Java System Access Manager server through the Nokia gateway. In return it
receives an SSO authentication token. Note that this is an ID-FF SSO token and
can therefore mask the customer's real identity, helping to preserve customer privacy.
C The merchant requests the payment service to guarantee the transaction. First the
merchant site discovers the customer's payment service via the Discovery Service.
It then requests the payment services on behalf of the principal. This step leverages
the fact that the Liberty discovery mechanism is per-principal oriented, allowing
merchants to request payment while not knowing the customer's real identity.
D The payment service connects to the operator charging service to record this
transaction. The payment service discovers the operator charging service through the
Liberty Discovery Service in order to get a token that will allow it to request charging
on behalf of the Principal.
E Before charging the customer, the payment service needs to get formal user consent.
In the simplest use case, consent might be given globally for a set of services within
the customer profile. In a real deployment, a buying action is most likely to require
interactive consent. Fortunately, Liberty ID-WSF supports three models for obtaining
user consent. In this scenario any one of the three could be valid, and the choice will
depend on business agreements and customer preferences. Depending on the chosen
model, consent can either:
[Figure 3. Diagram of the Circle Of Trust. Parties and components shown: Customer; Nokia phone (Liberty PAOS, Interaction); Wireless Operator; Nokia WAP Gateway; Sun Java System Access Manager (Authentication/SSO, Federation, Discovery service); Common repository (LDAP, Radius); Nokia Charging Center, NCC (Charging); Telco backbone; Merchant; Payment Service. Flows are labelled A to F.]
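A simplified model of steps B to D, added here as an illustration and not taken from the white paper or from any Sun, Nokia or Liberty code: each provider gets its own opaque alias for the customer, and discovery is keyed on that alias rather than on the real identity. The class, function and provider names, the random-alias scheme and the rule that only the charging center resolves an alias are assumptions; real ID-FF/ID-WSF messages are not modelled.

```python
import secrets

class OperatorIdP:
    """Toy model of the operator's SSO + Discovery Service (not Liberty wire format)."""

    def __init__(self):
        self._alias = {}      # (principal, provider) -> opaque alias
        self._owner = {}      # (provider, alias) -> principal
        self._offering = {}   # (principal, service type) -> provider hosting it

    def alias_for(self, principal, provider):
        """Return the stable, random name identifier this provider sees for the principal."""
        key = (principal, provider)
        if key not in self._alias:
            self._alias[key] = secrets.token_hex(8)
            self._owner[(provider, self._alias[key])] = principal
        return self._alias[key]

    def register(self, principal, service_type, provider):
        self._offering[(principal, service_type)] = provider

    def discover(self, requester, requester_alias, service_type):
        """Per-principal lookup: the requester names the principal only by its own alias.
        Returns the target provider and the alias that is valid at that provider."""
        principal = self._owner[(requester, requester_alias)]  # KeyError: not this requester's alias
        target = self._offering[(principal, service_type)]
        return target, self.alias_for(principal, target)

    def resolve(self, provider, alias):
        """Assumption: only the operator-side charging center maps an alias back."""
        return self._owner[(provider, alias)]

def run_purchase(idp, subscriber):
    """Steps B to D of the sequence; returns the identifier each party sees."""
    merchant_alias = idp.alias_for(subscriber, "merchant")                # B: SSO token subject
    pay, pay_alias = idp.discover("merchant", merchant_alias, "payment")  # C: find payment service
    chg, chg_alias = idp.discover(pay, pay_alias, "charging")             # D: find charging service
    return {"merchant": merchant_alias, "payment": pay_alias,
            "charging": chg_alias, "charged": idp.resolve(chg, chg_alias)}

def demo():
    idp = OperatorIdP()
    subscriber = "+15550100"  # constructed sample subscriber number
    idp.register(subscriber, "payment", "payment-service")
    idp.register(subscriber, "charging", "charging-center")
    return run_purchase(idp, subscriber)

if __name__ == "__main__":
    print(demo())
```

The merchant and the payment service each hold a different alias, so neither learns the subscriber number and the two cannot correlate the customer by identifier alone.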