RR: End-to-End Identity Propagation

RR: End-to-End Identity Propagation

Chief Information Officer

IC Technical Specifications

REST Service Encoding Specification for Identity Propagation


This technical specification applies to non-SOAP-based web services over HTTP and provides guidance for REST-based services in an environment that does not utilize a Security Token Service (STS).

(U) This specification provides a mechanism to track a sequence of requestor identifier(s), from the initiating requestor to the final called service, providing "end-to-end" visibility of the requestor(s) in the transaction sequence.

The solution provided by this specification provides a mechanism for conveying identity in an interoperable manner. The specification does not by itself provide integrity, confidentiality or non-repudiation of the requestor identity or identities over the service chain. This specification will, however, address how these security goals can be accomplished by using this specification in combination with other security mechanisms.

Current Version