Provisioning Access via Shibboleth-delivered Role Data
node [shape=rect];
login [style=rounded, label="User Signs In"];
register [label="triggers workflow to ask admin to assign permission"];
assign_access [label="admin assigns role in permission management system"];
role_update [label="triggers group/role/entitlement data update in Directory; updates ARP"];
provision [label="sp provisions access using shib-delivered data];
done [style=rounded, label="user enters application"];
has_data [label="does shib assert enough role data for sp to provision access?"]
has_access [shape=diamond , label="does user have access?"];
login -> has_access;
has_access -> has_data [label="no"];
has_access -> done [label="yes"];
has_data -> provision;
provision -> done;
has_data -> register;
register -> assign_access;
assign_access -> role_update;