1.3 Overview

The protocol client connects to a protocol server that is gated by forms based authentication by sending messages via HTTP. The following sequence diagram illustrates one way, entailing three steps, of establishing an identity using forms based authentication between a protocol client and a protocol server.


Figure 1: Sequence diagram

The three steps for establishing an identity using forms based authentication between a protocol client and a protocol server are as follows:

  1. Initialization: The protocol client sends an initial request for any transaction between that client and the protocol server. The server responds that its authentication method is forms based authentication, as specified in section 2.2.2, including the location to which the client should navigate to authenticate. If the server response does not include this location, it is assumed to be the location to which the original request was issued. This response optionally includes the location to which the protocol server will redirect the user upon successfully authenticating that user.

  2. Negotiation: Having determined that the protocol server is capable of establishing an identity by using forms based authentication, the protocol client renders the HTML returned from the request to the remote location provided by the server in step 1. Note that the duration of this step is neither deterministic nor specified by this protocol. The reason is that the client will continue to follow as many redirects and refreshes as necessary to successfully establish the identity, until the server redirects either to the original URI or, if specified, the return URI provided by the server in step 1.

  3. Finalization: After the protocol server redirects the protocol client to the return URI, the protocol client assumes that the identity has been successfully established and reissues the original request from step 1. Note that the process for actually establishing the user’s identity is not specified by this protocol.
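The client-side decision described in steps 1 to 3, as an added Python example that is not part of the specification: it applies the default for a missing authentication location, follows a chain of redirect targets, and reports when the identity is assumed established. The names `Challenge`, `negotiate`, `canonical` and `MAX_HOPS`, the `*.example` URLs, the hop limit, and the choice of an exact URI comparison against the return URI (or the original URI when none is given) are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional
from urllib.parse import urlsplit

MAX_HOPS = 20  # assumption: the protocol sets no bound on step 2, so the client does


def canonical(uri: str) -> tuple:
    """Normalize a URI so that only meaningful differences affect comparison."""
    p = urlsplit(uri)  # urlsplit lowercases the scheme; .hostname lowercases the host
    default = {"http": 80, "https": 443}.get(p.scheme)
    port = None if p.port in (None, default) else p.port
    return (p.scheme, p.hostname or "", port, p.path or "/", p.query)


@dataclass
class Challenge:
    """Step 1 response, reduced to the locations the overview describes."""
    original_uri: str
    auth_location: Optional[str] = None  # where the client navigates to authenticate
    return_uri: Optional[str] = None     # where the server redirects on success

    def start(self) -> str:
        # No location in the response: it is the location of the original request.
        return self.auth_location or self.original_uri


def negotiate(ch: Challenge, redirects: Iterable[str]) -> str:
    """Classify a chain of redirect/refresh targets seen after navigating to start()."""
    target = canonical(ch.return_uri or ch.original_uri)
    for hop, location in enumerate(redirects, start=1):
        if hop > MAX_HOPS:
            return "aborted"        # endless redirect loop: stop instead of spinning
        if canonical(location) == target:
            return "established"    # step 3: the client now reissues ch.original_uri
    return "pending"                # still inside the sign-in flow


# Constructed sample data, not taken from any real deployment.
SAMPLE = Challenge("https://portal.example/docs/report.docx",
                   auth_location="https://portal.example/login",
                   return_uri="https://portal.example/done")
CHAIN = ["https://idp.example/signin",
         # Contains the return URI only as a query value, so it must not count.
         "https://portal.example/login?ReturnUrl=https://portal.example/done",
         "HTTPS://Portal.Example:443/done"]

if __name__ == "__main__":
    print(SAMPLE.start(), negotiate(SAMPLE, CHAIN))
```

Because the client treats arrival at the return URI as proof of identity, the comparison is against the whole normalized URI rather than a prefix or substring.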