1.5 Prerequisites/Preconditions

The following prerequisites and preconditions are required by the Passport SSI Version 1.4 Protocol:

  • The client is configured with the URL of the configuration server for its realm.<1>

  • The client has the capability to obtain credentials (that is, a user name and password) from the user. A Passport SSI Version 1.4 Protocol client can use local code to obtain the credentials, cache them, and provide the cached credentials to the authentication server. The cache might be shared by many such applications, and each application might be capable of obtaining the credentials from users and caching them, using the same local code.

  • The authentication server for the client's realm might be able to validate the credentials (that is, a user name and password) of any user registered with that realm. The authentication server is configured with its realm name and any co-branding information that is to be passed to the client (as specified in section 2.2.2), as well as the current version number for the configuration server's configuration data (as specified in section 2.2.3). If the authentication server is implemented in a distributed manner, it has a method for determining which authentication server URL a given client within its realm is to be redirected to (based on the client's presented credentials or authentication token), as specified in section 2.2.5.

  • The partner server and authentication server share a partner token format along with a set of criteria for recognizing whether a given partner token is valid. They also share a set of definitions for the information that will be transported from the partner server to the authentication server when a client attempts to authenticate to the partner server, as specified in section 2.2.8. This information is received in a protocol message by the client (as specified in section 2.2.8) and encoded in a format chosen by the realm. It is then sent to the authentication server by the client in a subsequent message, as specified in sections 2.2.7 and 2.2.10.

    Finally, the partner server and authentication server agree on a URL to which the client is to be sent after it is successfully authenticated at the request of the partner server, as specified in section 2.2.11.

  • The configuration server for the realm is provisioned with all the configuration data necessary to construct an update configuration message, as specified in section 2.2.12.