Simpli ed sequence ow
A The customer is browsing the merchant site and initiates a purchase of some item
using their wireless handset. Most wireless operators will handle this request through
a gateway though this is not required. The Liberty conformant Nokia WAP Gateway
adds LECP (Liberty Enabled Client Pro le), optimizes the wireless protocols, handles
white/black list and provides other necessary support features. At this point the
merchant site may create a browsing session for the user, but the user is still not
authenticated at this point.
B The merchant, who needs to authenticate the customer, can request authentication
via Sun Java System Access Manager server through the Nokia gateway. In return it
receives an SSO authentication token. Note that this is an ID-FF SSO token and thus
can mask real customer identity, thus helping to preserve customer privacy.
C The merchant requests the payment service to guarantee the transaction. First the
merchant site discovers the customer payment service, via the Discovery Service.
It then requests the payment services on behalf of the principal. This step leverages
the fact that the Liberty discovery mechanism is per principal oriented, allowing
merchants to request payment while not knowing the real customer identity.
D The payment service connects to the operator charging service to record this
transaction. The payment service discovers the operator charging service through the
Liberty Discovery Service in order to get a token that will allow it to request charging
on behalf of the Principal.
E Before charging the customer, the payment service needs to get formal user consent.
In the simplest use case, consent might be given globally for a set of services within
customer pro le. In a real deployment, a buying action it is most likely to require
interactive consent. Fortunately Liberty ID-WSF supports three models for obtaining
user consent. In this scenario any one of the three could be valid, and the choice will
depend on business agreement, and customer preferences. Depending on the chosen
model, consent can either:
Circle Of Trust
Sun Java System
" Discovery service
" Liberty PAOS