3 Protocol Details
The client side of this protocol is simply a pass-through. That is, no additional timers or other state is required on the client side of this protocol. Calls made by the higher-layer protocol or application are passed directly to the transport, and the results returned by the transport are passed directly back to the higher-layer protocol or application.
There is no order in which methods are required to be called, except that at least one of the sign in methods, SignIn (section 188.8.131.52) and SignInMultiple (section 184.108.40.206), MUST precede the sign out methods, SignOut (section 220.127.116.11) and SignOutMultiple (section 18.104.22.168). The sign in and sign out methods require as input valid GUIDs that can be retrieved using the GetGroups method (section 22.214.171.124). If the user is not an agent, all the methods from the protocol having a Boolean as a return value will return false.
Except where specified, protocol clients SHOULD interpret HTTP status codes returned by the protocol server as specified in [RFC2616] (Section 10, Status Code Definitions). This protocol allows protocol servers to perform implementation-specific authorization checks and notify protocol clients of authorization faults using HTTP status codes.