Alice signs in to her Identity provider

This is Alice's home page at her Identity Provider. At this point, she has no 'friends' in her list. To seamlessly access her account at a photo provider, Alice clicks the icon of the photo SP.

This is Alice's page at the photo provider. Alice clicks a link to her photo album.

This is Alice’s photo album page. Alice wants to share some photos with a friend of hers. She clicks on the 'Share Photos' link.

To determine the list of friends with which Alice might wish to share her photos, Alice's People Service must be discovered. Alice instructs the photo provider to find her People Service.

The Photo Provider discovers Alice's People Service, and then asks for the list of members Seeing that he is not already in her list of friends, Alice submits “Joe”. Joe will be invited to join Alice's list of friends through an email message.

When Joe receives an invitation from Alice, he open the page of the invitation URL At this point, Joe can give informed consent to accept Alice’s invitation. Two things happen: 1) Joe is added to Alice's list of friends 2) Joe can access Alice's photos

Now, when Joe accesses the photo provider through his identity provider account), he is able to view Alice's photos. Joe was not forced to create a (new) account at the photo provider in order to view Alice's photos.

Now, when back at her identity provider, Alice can see that Joe has been added to her friends list. Joe's membership in the list can be re-used at other service providers. For instance, Alice can define access privileges for Joe at her calendar service without requiring Joe get involved again.

Because Joe has already been added (in the context f the photos) to Alice's list of friends, he shows up when the calendar provider asks for the list. In order to share her schedule information, Alice need only specify that she wants Joe to have access to her calendars.