User identifying step

In the user identifying step, the delegating entity (e.g. e-banking system) tells the IAM transaction approval service, which user needs to approve the transaction.

Typically, but not necessarily, the username is transported to the delegating entity via an identity propagation mechanism.

Note that the user is not authenticated in this step, i.e. no password or other credential is involved.

It is therefore important that any flow beginning with this step can only be called by a trusted, authenticated entity. This can be ensured by correctly authenticating the delegating entity.

Step 2 - HTTP request - user identifying step

    "username" : "jdoe"