This is an old revision of the document!
What if solution requires more than pure authentication? In that case an integrator can use AAA Reverse Proxy transaction system. Transactions are user confirmed decisions like payments. They are secure, authenticated and validated using personal factor. Tiny coding effort is required like providing confirmation text and evaluating the operation. When user confirmation is required (i.e. user clicks on “pay” button) following workflow is processed. Service provider actions are in bold. Two main methods are supported:
This scenario is available for smart phones only. User must be logged in AAA Reverse Proxy.
Then AAA Reverse Proxy creates a request and sends it via push notification to user’s smart phone Request is processed via PEIG User confirms it and provides personal factor AAA Reverse Proxy evaluates request and sends a response back to service provider applications
User experience:
This scenario has no limitations and can be used even for non-authenticated users (every ADUCID operation is also authentication).
Now ADUCID integration code call PEIG or display a QR code Request is processed via PEIG (directly or QR scan) User confirms it and provides personal factor User is redirected back to application (return URL) AAA Reverse Proxy writes transaction status to http header
User experience: