Authorization Pre Flight

Mike Varley edited this page Jul 31, 2020 · 1 revision

Authorization Servers may have specific policies, logic, or costs associated with performing an End User authorization on behalf of a client or resource server.

Authorization Servers need a mechanism for a specific Client transaction to be 'pre-authorized' or checked before allowing the End-User authorization to proceed.

   Client -> AZ:       May I have permission to ask an End User to authenticate using 
                       a costly high assurance method and authorize access to resource A for me?
   AZ -> Client:       Yes, here is a 'ticket': I have approved this authorization. 
                       Please send me the End User with this ticket.
   Client -> End User: Go to the AZ and present this ticket.
   End User -> AZ:     Here's my 'ticket' from the Client, what's this all about?
   AZ -> AZ:           The ticket says I can proceed with authentication; it costs me $1.
   AZ -> End User:     Please authenticate using this costly high assurance method.
   End User -> AZ:     Done. What next?
   AZ -> End User:     Do you want to share resource A with Client?
   End User -> AZ:     Yes.
   AZ -> End User:     OK, let's get you back to the Client.
   ...
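
The ticket exchange above, as an added example that is not part of the original page: the AZ checks its policy at pre-flight, issues a ticket bound to the client, resource and authentication method, and verifies that ticket before it starts the costly authentication. The HMAC-signed JSON ticket format, the `policy` table, the single-use rule and the function names `preflight` and `redeem` are assumptions; the page does not define what a ticket contains.

```python
import base64, hashlib, hmac, json, secrets, time

AZ_KEY = secrets.token_bytes(32)  # signing key known only to the AZ (constructed here)
_redeemed = set()                 # ticket ids already used; a real AZ would persist these

def _sign(body: bytes) -> bytes:
    return hmac.new(AZ_KEY, body, hashlib.sha256).digest()

def preflight(client_id, resource, method, policy, ttl=120, now=None):
    """Client -> AZ: return a ticket if policy allows this transaction, else None."""
    if (resource, method) not in policy.get(client_id, set()):
        return None  # refused before any End User is involved
    now = time.time() if now is None else now
    claims = {"jti": secrets.token_hex(8), "client": client_id,
              "resource": resource, "method": method, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(_sign(body)).decode()

def redeem(ticket, now=None):
    """End User -> AZ: check the ticket before spending anything on authentication.

    Returns the approved claims, or None if the ticket is malformed, altered,
    expired, or has already been presented once.
    """
    try:
        body_b64, tag_b64 = ticket.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, AttributeError):
        return None
    # Constant-time comparison: the End User's browser carries the ticket,
    # so its contents must be treated as untrusted until the tag checks out.
    if not hmac.compare_digest(tag, _sign(body)):
        return None
    claims = json.loads(body)
    now = time.time() if now is None else now
    if now >= claims["exp"] or claims["jti"] in _redeemed:
        return None
    _redeemed.add(claims["jti"])  # one ticket pays for one costly authentication
    return claims

if __name__ == "__main__":
    # Constructed policy: client-1 may request high-assurance auth for resource-A.
    policy = {"client-1": {("resource-A", "high-assurance")}}
    ticket = preflight("client-1", "resource-A", "high-assurance", policy)
    print("first presentation:", redeem(ticket))
    print("replayed ticket:   ", redeem(ticket))
```

The AZ authenticates the End User only with the `method` and for the `resource` returned by `redeem`, never with values taken from the redirect itself.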