N.B. The IM does not get used at the last step of the chain. It has to produce n + 1 tokens for n invocations. This introduces a slight inefficiency.
An improvement of the efficiency of the process is as follows:
Each service provider is only given the authn token and is not given the IM token. If the service provider can provide the service itself then no IM token is needed. If the service provider needs to contact another service provider, then it contacts the IM to ask for the ID of the user at the next service provider. It refers to the user using the permanent ID by which the user is known to the IM and to that service provider (e.g. 456B for B or 123A for A). In this case 789IM is never known to any of the service providers and is internal to the IM. The IM can use the permanent ID to look up the user, find its local ID (789), then locate the permanent ID at the next service provider and send this, encrypted for the next service provider, back to the requesting service provider, which forwards it to the new service provider.
Problems with this approach: if there are multiple IMs, the service provider will not know which one to contact. If there is only one IM, this is ok. But the protocol is not standard, whereas the protocol we defined above is a standard Liberty Alliance protocol.
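The lookup exchange described above, as an added Python example that is not part of the original text. The IM directory contents, the per-provider keys, and the single hard-wired IM address are constructed for illustration, and the encrypt-then-MAC construction built from HMAC-SHA256 is a stand-in for a real AEAD (or for encryption under the next provider's public key). The point it makes concrete is that the requesting provider only ever forwards an opaque blob: it sees neither the IM-internal ID 789 nor the user's ID at the next provider.

```python
import hashlib
import hmac
import os

# Constructed directory held by the IM: the internal local ID 789 maps to the
# permanent IDs under which the user is known to each service provider.
IM_DIRECTORY = {
    "789": {"A": "123A", "B": "456B"},
}

# Constructed per-provider secrets shared between the IM and each service
# provider. The requesting provider cannot open a blob sealed for another one.
SP_KEYS = {
    "A": os.urandom(32),
    "B": os.urandom(32),
}

# There is a single IM; every service provider is configured with it. With
# several IMs a provider would have no way to know which one to ask.
IM_ADDRESS = "im.example"  # constructed placeholder


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (toy stand-in for a stream cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a blob sealed for another provider is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("blob was not sealed for this service provider")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def im_lookup(requesting_sp: str, permanent_id: str, next_sp: str) -> bytes:
    """IM side: resolve the requester's permanent ID to the internal local ID,
    then return the user's permanent ID at next_sp, sealed for next_sp only."""
    for local_id, ids in IM_DIRECTORY.items():
        if ids.get(requesting_sp) == permanent_id:
            break
    else:
        raise KeyError("unknown user at requesting provider")
    next_id = IM_DIRECTORY[local_id][next_sp]   # local_id (789) never leaves the IM
    return seal(SP_KEYS[next_sp], next_id.encode())


def sp_receive(sp: str, blob: bytes) -> str:
    """Next provider side: open the forwarded blob with its own key."""
    return unseal(SP_KEYS[sp], blob).decode()


def run_exchange() -> str:
    """A needs B's help: A asks the IM at IM_ADDRESS using 123A, gets a blob
    sealed for B, forwards it to B, and B learns the user is 456B."""
    blob = im_lookup("A", "123A", "B")
    return sp_receive("B", blob)


def requester_cannot_read() -> bool:
    """A, which merely forwards the blob, cannot open it with its own key."""
    blob = im_lookup("A", "123A", "B")
    try:
        sp_receive("A", blob)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("B resolves the user as", run_exchange())
    print("A blocked from reading B's blob:", requester_cannot_read())
```

The IM does the translation between permanent IDs, so the only identifier on the wire between A and the IM is 123A and the only one B ever receives is 456B; the blob contains no token for the IM itself, which is the efficiency gain over issuing n + 1 tokens.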