1 Introduction

This document specifies the TAS3 Discovery function, see [TAS3ARCH] Fig-2.2, comprising of ID Mapper, Registry Server, Linking, and Trust and Privacy Negotiator. The discovery function aims at solving two problems: issuance of credentials, or tokens, for specific transactions such that wild card credentials can be avoided; and finding out where a given service is hosted for given user, so that it is possible to host the same service for different users in different places, promoting competitive market place for the Service Providers.

This solution addresses Reqs. D1.2-2.3-BMs (discoverability), D1.2-2.14-Priv (pseudonymous design, attribute pull enablement), D1.2-3.11-UPAPD (the policy discovery aspect), D1.2-7.17-Increm (incremental release of credentials), D1.2-3.12-SPManifest (discovery based on privacy policy), D1.2-3.13-BPAdapt (business process adaptation by coordinating discovery), D1.2-3.14-PIIPolicyDisco (discovery keyed on adequate policies), D1.2-3.15-SecPreserve (discovery of policies so that business process can be adapted preserving certain policy properties), D1.2-4.2-BPPrivacy (use of pseudonyms in Business process).

An important architectural property pf the discovery function is that it allows fully pseudonymous operation, thus avoiding leakage of correlation handles and improving privacy protection in complex, intercalling, systems.

The discovery function also addresses user not present transactions, provides for some delegation scenarios, and acts as registry of services playing a part in Service Provider compliance validation business process.

[Prev | Next]