3.1.1 Abstract Data Model

This section contains a conceptual model of possible data organization that an implementation maintains to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with that specified in this document.

This protocol is used by client applications to identify server applications and authenticate those server applications. It uses the standard Internet authentication techniques specified in [SAML], [WSFederation], [WSS], [WSTrust1.4], and [XMLDSig2] for that identification and authentication.

Clients that implement this protocol take the following steps to establish a relationship with the federation management service:

  1. Create an application identifier by using the CreateAppId operation, as specified in section 3.1.4.2.

  2. Place the application identifier on the domain's DNS server as a TXT record.

  3. Reserve a domain name with the federation management service by using the ReserveDomain operation, as specified in section 3.1.4.6.

  4. Register the URI that is associated with the domain with the federation management service by using the AddUri operation, as specified in section 3.1.4.1.

Clients can request and modify information stored with the federation management service by doing the following:

  • Using the GetDomainInfo operation, as specified in section 3.1.4.3, to retrieve domain information from the federation management service.

  • Modifying the information stored with the federation management service by using the UpdateAppIdCertificate operation, as specified in section 3.1.4.7, and the UpdateAppIdProperties operation, as specified in section 3.1.4.8.

Clients can end participation with the federation management service by doing the following:

  • Using the RemoveUri operation, as specified in section 3.1.4.5, to remove a URI registered to the domain.

  • Using the ReleaseDomain operation, as specified in section 3.1.4.4, to remove a registered domain from the federation management service.
