• Before going online the airline and car rental agency create a business relationship for their online services. It is decided that the airline will take care of security issues – it will store customer usernames and passwords, enforce password length and style, as well as how frequently the password must be changed. The airline informs the rental car agency of the security policies it will enforce:
– Each username must be unique.
– A password must be at least 8 characters long, and must contain both uppercase and lowercase letters.
– A password must be changed at least once every six months.
– Users will be authenticated through the presentation of their username and password over a protected (HTTPS) session.
– A user that logs in and is then inactive for more than five minutes will be automatically logged out.
• The car rental agency agrees to this security policy.
• The airline creates an XML document which contains all the aspects of the security policy shown above. The XML document conforms to saml-schema-authn-context-ppt-2.0.xsd, and the XML document is placed at this URL: http://www.AirlineInc.com/authentication-context.xml
• The airline and the car rental agency then proceed to build their online services.
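The five policy clauses above can be checked mechanically on the airline's side. The following Python sketch is an added example, not part of the original material or of any SAML library; the function names are hypothetical, "six months" is read as six calendar months, and usernames are compared case-insensitively (both assumptions).

```python
from datetime import datetime, timedelta

# Limits taken from the policy clauses listed above.
MIN_PASSWORD_LENGTH = 8
IDLE_TIMEOUT = timedelta(minutes=5)
MAX_PASSWORD_AGE_MONTHS = 6  # assumption: calendar months

def add_months(moment, months):
    """Calendar-month addition, clamping the day (Aug 31 + 6 -> Feb 28/29)."""
    index = moment.month - 1 + months
    year, month = moment.year + index // 12, index % 12 + 1
    leap = year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)
    days = [31, 29 if leap else 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31][month - 1]
    return moment.replace(year=year, month=month, day=min(moment.day, days))

def password_violations(password):
    """Return the password-composition clauses that `password` fails."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    return problems

def registration_violations(username, password, existing_usernames):
    """Check a new account against the uniqueness and password clauses."""
    problems = password_violations(password)
    # Assumption: "unique" ignores letter case, so Alice and alice collide.
    if username.casefold() in {u.casefold() for u in existing_usernames}:
        problems.append("username not unique")
    return problems

def login_violations(scheme, password_changed_at, now):
    """Check a login attempt against the transport and password-age clauses."""
    problems = []
    if scheme.lower() != "https":
        problems.append("credentials not sent over HTTPS")
    if now > add_months(password_changed_at, MAX_PASSWORD_AGE_MONTHS):
        problems.append("password older than six months")
    return problems

def session_expired(last_activity, now):
    return now - last_activity > IDLE_TIMEOUT  # strictly more than five minutes

if __name__ == "__main__":
    # Constructed sample values, not real accounts.
    print(registration_violations("Alice", "alllowercase", {"alice"}))
    print(login_violations("http", datetime(2024, 1, 1), datetime(2024, 7, 2)))
```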