authorFrederic Peters <fpeters@entrouvert.com>2004-12-14 10:48:54 +0000
committerFrederic Peters <fpeters@entrouvert.com>2004-12-14 10:48:54 +0000
commitac7dcf24c70590fc4e78ee2c5f01f0ec85c695ab (patch)
treec41a62374baf5fa0cb82e5d3074be02645bacee3 /docs/lasso-book
parentf7b1251a4e292cc37d51724b6618ffef0dc58732 (diff)
process files taken from lasso 0.5 (not uptodate)
Diffstat (limited to 'docs/lasso-book')
-rw-r--r--docs/lasso-book/defederation.process58
-rw-r--r--docs/lasso-book/name-registration.process78
2 files changed, 136 insertions, 0 deletions
diff --git a/docs/lasso-book/defederation.process b/docs/lasso-book/defederation.process
new file mode 100644
index 00000000..50719272
--- /dev/null
+++ b/docs/lasso-book/defederation.process
@@ -0,0 +1,58 @@
+Federation Termination Notification
+
+(apply for both IdP and SP)
+
+/federationTermination (* normative, Federation Termination Notification service URL *)
+ defederation = lasos_defederation_new(server)
+ IF lasso_is_liberty_query(query)
+ # query is a valid liberty message, then process it
+
+ lasso_defederation_process_notification_msg(defederation, query)
+
+ nameIdentifier = LASSO_PROFILE(defederation)->nameIdentifier
+ # Retrieve session and user using name identifier.
+ lasso_profile_set_identity_from_dump(LASSO_PROFILE(defederation), identityDump)
+ lasso_profile_set_session_from_dump(LASSO_PROFILE(defederation), sessionDump)
+
+ lasso_defederation_validate_notification(defederation)
+ # Close the federation locally.
+ # The user is no more authenticated on any identity provider, Log him out.
+
+ REDIRECT TO LASSO_PROFILE(defederation)->msg_url
+
+ ELSE
+ # query is not a valid liberty message, then initiates profile
+
+ # identity and session from logged in user
+ lasso_profile_set_identity_from_dump(LASSO_PROFILE(defederation), identityDump)
+ lasso_profile_set_session_from_dump(LASSO_PROFILE(defederation), sessionDump)
+
+ lasso_defederation_build_notification_msg(defederation)
+
+ # close the local user account (session, index...)
+
+ IF LaSSO_PROFILE(defederation)->msg_body:
+ SOAP CALL -------------------------------------------------------------\
+ TO LASSO_PROFILE(defederation)->msg_url |
+ BODY LASSO_PROFILE(defederation)->msg_body
+
+ ELSE
+ REDIRECT TO LASSO_PROFILE(defederation)->msg_url
+
+/federationTerminationReturn (* normative, Federation Termination service Return URL *)
+
+ # get the relay state if exists in query response
+
+/soapEndPoint (* normative, SOAP endpoint *) <----/
+ defederation = lasso_defederation_new(server)
+ lasso_defederation_process_notification_msg(defederation, soapRequestMsg)
+
+ nameIdentifier = LASSO_PROFILE(defederation)->nameIdentifier
+ # Retrieve session and user using name identifier.
+
+ lasso_defederation_validate_notification(defederation)
+ # Close the federation locally.
+ # The user is no more authenticated on any identity provider. Log him out.
+ # Return OK (204), even when the defederation validation fails.
+ ANSWER SOAP REQUEST WITH 204 (No content)
+
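Review bot: Neither `/federationTermination` nor `/soapEndPoint` tests the result of `lasso_defederation_process_notification_msg` or `lasso_defederation_validate_notification` before the "Close the federation locally" and "Log him out" steps, so an integration written from this flow would drop a federation and a session on a notification that did not parse or verify. The local steps should be gated, for example `IF lasso_defederation_validate_notification(defederation) succeeded:` ahead of the close/logout comments, with the 204 kept only as the reply sent to the peer (this assumes the calls report failure through their return value, which the file does not show). The `/soapEndPoint` branch also omits the `lasso_profile_set_identity_from_dump` / `lasso_profile_set_session_from_dump` calls that the redirect branch makes before validating. Two identifiers are misspelled: `lasos_defederation_new` in the first call and `LaSSO_PROFILE` in the `msg_body` test.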
diff --git a/docs/lasso-book/name-registration.process b/docs/lasso-book/name-registration.process
new file mode 100644
index 00000000..53123412
--- /dev/null
+++ b/docs/lasso-book/name-registration.process
@@ -0,0 +1,78 @@
+Name Registration
+
+(apply for both IdP and SP)
+
+/nameRegistration (* normative, Name Registration service URL *)
+ registration = lasso_name_registration_new(server)
+
+ IF lasso_is_liberty_query(query)
+ lasso_name_registration_process_request_msg(query)
+
+ oldNameIdentifier = registration->oldNameIdentifier
+ newNameIdentifier = LASSO_PROFILE(registration)->nameIdentifier
+
+ lasso_name_registration_validate_request(registration)
+
+ # Update identity (session is not changed, because name identifiers
+ # in assertions are left as is).
+
+ # Update nameIdentifier in indexes if it has changed.
+
+ lasso_name_registration_build_response_msg(registration)
+ REDIRECT TO LASSO_PROFILE(registration)->msg_url
+
+ ELSE
+ lasso_profile_set_identity_from_dump(identityDump)
+ lasso_name_registration_init_request(registration, remote_providerID, method)
+ # method can be any, soap or redirect
+
+ lasso_lib_register_name_identifier_request_set_relaystate(
+ LASSO_PROFILE(registration)->request, relayState)
+ # optionaly set relay state
+
+ lasso_name_registration_build_request_msg()
+ IF LASSO_PROFILE(registration)->msg_body:
+ SOAP CALL -----------------------------------------------------------\
+ TO LASSO_PROFILE(registration)->msg_url |
+ BODY LASSO_PROFILE(registration)->msg_body
+
+ lasso_name_registration_process_response_msg(soap_answer_msg)
+ oldNameIdentifier = registration->oldNameIdentifier
+ newNameIdentifier = registration->nameIdentifier
+
+ lasso_name_registration_validate_request(registration)
+
+ # Update identity (session is not changed, because name
+ # indentifiers in assertions are left as is).
+
+ # Update nameIdentifier in indexes if it has changed.
+
+ lasso_name_registration_build_response_msg(registration)
+
+ REDIRECT TO LASSO_PROFILE(registration)->msg_url
+ ELSE
+ # XXX: Use Redirect method
+
+
+/nameRegistrationReturn (* normative, Name Registration service Return URL *)
+ registration = lasso_name_registration_new_from_dump(nameRegistrationDump)
+ lasso_name_registration_process_response_msg(registration, query)
+
+
+ |
+/soapEndPoint (* normative, SOAP endpoint *) <----/
+ lasso_name_registration_process_request_msg(soapRequestMsg)
+
+ oldNameIdentifier = registration->oldNameIdentifier
+ newNameIdentifier = LASSO_PROFILE(registration)->nameIdentifier
+
+ lasso_name_registration_validate_request(registration)
+
+ # Update identity (session is not changed, because name identifiers
+ # in assertions are left as is).
+
+ # Update nameIdentifier in indexes if it has changed.
+
+ lasso_name_registration_build_response_msg(registration)
+ ANSWER SOAP REQUEST WITH: LASSO_PROFILE(registration)->msg_body
+
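Review bot: The `/soapEndPoint` section uses `registration` without creating it (there is no `lasso_name_registration_new(server)` as in `/nameRegistration`), and several calls drop the object argument — `lasso_name_registration_process_request_msg(query)`, `lasso_profile_set_identity_from_dump(identityDump)`, `lasso_name_registration_build_request_msg()` — while `/nameRegistrationReturn` passes `(registration, query)`. The "Update identity" and "Update nameIdentifier in indexes" steps are not conditioned on `lasso_name_registration_validate_request` succeeding; a line such as `# only if validate_request succeeded` before them would keep an integrator from rewriting the stored name identifier from an unverified message. In the SOAP-call branch the steps after `lasso_name_registration_process_response_msg(soap_answer_msg)` repeat `validate_request` and `build_response_msg`, which look copied from the request-handling branch and probably do not belong on the response side.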