# SIOP with OpenID Federation Entity Statements

<!-- It is only a matter of time before I publicly type WS-Federation -->

```plantuml
@startuml
autoactivate on
hide footbox
skinparam monochrome true
skinparam roundcorner 5

actor User
control "Relying Party" as RP
boundary "Redirect URI" as Redir
boundary "Authorization Endpoint" as AE
control "Self-Issued OP" as SIOP
boundary "Resolvers" as VDR

note over RP, SIOP
  Preconditions:
  * Creation of trust framework(s) which use OpenID Federation entity statements
  * RP and OP are members with entity statements up to trust authorities
  * RP has resolved entity metadata of issuer
end note

User->RP: request authentication\nand/or credentials
RP -> VDR: resolve current SIOP metadata
VDR --> RP: metadata
RP -> RP: Create signed\nrequest object
deactivate RP
RP -> AE: request id_token
note left
  request contains:
  client_id, response_type, request JWT
end note
AE -> SIOP: browser resolution\nfrom endpoint URI
deactivate AE
SIOP -> VDR: check for current RP metadata
VDR --> SIOP
SIOP -> SIOP: create local\nclient registration
deactivate SIOP
deactivate SIOP
SIOP -> SIOP: process request
SIOP -> User: user consent for disclosure
User --> SIOP: consented
deactivate SIOP
SIOP -> Redir: response
deactivate SIOP
note right
  response contains:
  state, id_token
end note
Redir -> RP: response
deactivate Redir
RP -> VDR: check for current subject metadata
VDR --> RP: signing key
RP -> RP: verify response
deactivate RP
RP->User: transaction status or\nauthenticated session
@enduml
```
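
The final steps of the diagram (the RP checks current subject metadata, receives the signing key, and verifies the response) could look like this on the RP side. This is an added example, not code from the original page or from any SIOP implementation; the claim names (`sub`, `aud`, `exp`), the ES256 algorithm, the in-memory `resolver` Map standing in for "Resolvers", and all identifiers are assumptions.

```javascript
// Added example: the RP's "verify response" step from the diagram.
// Claim names, identifiers and the in-memory resolver are assumptions.
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Helper standing in for the Self-Issued OP: signs an id_token as a compact JWT.
function signIdToken(claims, privateKey, alg = 'ES256') {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// Hypothetical resolver: subject identifier -> current signing key.
const resolver = new Map();

// Returns { ok: true, claims } or { ok: false, reason }.
function verifyResponse(response, expectedState, clientId, now = Math.floor(Date.now() / 1000)) {
  // Bind the response to the request this RP actually sent.
  if (response.state !== expectedState) return { ok: false, reason: 'state mismatch' };
  const parts = String(response.id_token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed id_token' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return { ok: false, reason: 'malformed id_token' }; }
  // Pin the algorithm on the RP side; never let the token choose (rejects "none").
  if (header.alg !== 'ES256') return { ok: false, reason: 'unexpected alg' };
  // The key comes from the resolver lookup, as in the diagram.
  const key = resolver.get(claims.sub);
  if (!key) return { ok: false, reason: 'unknown subject' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const valid = crypto.verify('sha256', signed, { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (claims.aud !== clientId) return { ok: false, reason: 'wrong audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed sample: one subject known to the resolver and one well-formed response.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
resolver.set('https://wallet.example/subject-1', publicKey);
const sampleClaims = { sub: 'https://wallet.example/subject-1', aud: 'https://rp.example', exp: Math.floor(Date.now() / 1000) + 300 };
const sampleResponse = { state: 'state-123', id_token: signIdToken(sampleClaims, privateKey) };
console.log(verifyResponse(sampleResponse, 'state-123', 'https://rp.example').ok);
```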