Federated identity

In information technology, federated identity has two general meanings:
* The virtual reunion, or "assembled identity", of a person's user information (or ), stored across multiple distinct identity management systems. Data is joined together by use of the common token, usually the user name.
* The process of a user's authentication across multiple IT systems or even organizations.

For example, a traveler could be a flight passenger as well as a hotel guest. If the airline and the hotel use a federated identity management system, this means that they have a contracted mutual trust in each other's authentication of the user. The traveler could identify him/herself once as a customer for booking the flight and this identity can be carried over to be used for the reservation of a hotel room.

Background

Centralized identity management solutions were created to help deal with user and data security where the user and the systems they accessed were within the same network, or at least the same ‘domain of control’. Increasingly, however, users are accessing external systems which are fundamentally outside of their domain of control, and external users are accessing internal systems. The increasingly common separation of the user from the systems requiring access is an inevitable by-product of the decentralization brought about by the integration of the Internet into every aspect of both personal and business life. Evolving identity management challenges, and especially the challenges associated with cross-company, cross-domain issues, have given rise to a new approach to identity management, now known as ‘federated identity management’.

Identity Federation

Federated identity, or the ‘federation’ of identity, describes the technologies, standards and use-cases which serve to enable the portability of identity information across otherwise autonomous security domains. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration. Identity federation comes in many flavors, including ‘user-controlled’ or ‘user-centric’ scenarios, as well as enterprise-controlled or B2B scenarios. Federation is enabled through the use of open industry standards and/or openly published specifications, such that multiple parties can achieve interoperability for common use cases. Typical use-cases involve things such as cross-domain, web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management and cross-domain user attribute exchange.

Use of identity federation standards can reduce cost by eliminating the need to scale one-off or proprietary solutions. It can increase security and lower risk by enabling an organization to identify and authenticate a user once, and then use that identity information across multiple systems, including external partner websites. It can improve privacy compliance by allowing the user to control what information is shared, or by limiting the amount of information shared. And lastly, it can drastically improve the end-user experience by eliminating the need for new account registration through automatic ‘federated provisioning’ or the need to redundantly log in through cross-domain single sign-on. Leading enterprises around the world have deployed identity federation to get closer with partners, improve customer service, accelerate execution of business partnerships and alliances, cut cost and complexity of integrating outsourced services, and free themselves from vendor lock-in.

End-users and consumer-focused web sites are now beginning to engage in identity federation through the adoption of OpenID, which is an open source specification for enabling federation use-cases. The notion of identity federation is extremely broad, and also evolving. It could involve user-to-user, user-to-application as well as application-to-application use-case scenarios at both the browser tier as well as the web services or SOA (service-oriented architecture) tier. It can involve high-trust, high-security scenarios as well as low-trust, low-security scenarios. It can involve user-centric use-cases, as well as enterprise-centric use-cases.

The term ‘identity federation’ is, by design, a generic term, and is not bound to any one specific protocol, technology, implementation or company. One thing that is consistent, however, is the fact that ‘federation’ does describe methods of identity portability which are achieved in an open, often standards-based manner – meaning anyone adhering to the open specification or standard can achieve the full spectrum of use-cases and interoperability. Identity federation can be accomplished any number of ways, some of which involve the use of formal Internet standards, such as the OASIS SAML specification, and some of which may involve open source technologies and/or other openly published specifications (e.g. Information Cards, OpenID, the Higgins trust framework or Novell’s Bandit project).
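
The airline and hotel scenario above, as an added example that is not part of the original article: the airline acts as the identity provider and the hotel as the relying party, which accepts a signed assertion only if it comes from an issuer it has a trust agreement with, is addressed to the hotel itself, and has not expired. The identifiers, key and function names are constructed for illustration, and an HMAC over a pre-shared key stands in for the public-key signatures that standards such as SAML use.

```python
import base64, hashlib, hmac, json, time

# Constructed trust configuration: the hotel (relying party) lists the issuers
# it has a federation agreement with, and the key agreed with each of them.
HOTEL_ID = "https://hotel.example"
TRUSTED_ISSUERS = {"https://airline.example": b"constructed-demo-key-airline"}


def issue_assertion(issuer, key, subject, audience, ttl=300, now=None):
    """Identity provider side: sign a short-lived statement about the user."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def validate_assertion(token, now=None):
    """Relying party side: return the verified claims or raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError as exc:
        raise ValueError("malformed assertion") from exc
    iss = claims.get("iss") if isinstance(claims, dict) else None
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None:
        raise ValueError("issuer not in federation")
    # The claims are untrusted until the signature checks out under the
    # key registered for the claimed issuer.
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise ValueError("bad signature")
    if claims.get("aud") != HOTEL_ID:
        raise ValueError("assertion issued for another party")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("assertion expired")
    return claims


if __name__ == "__main__":
    airline, key = next(iter(TRUSTED_ISSUERS.items()))
    token = issue_assertion(airline, key, "traveler-42", HOTEL_ID)
    print(validate_assertion(token))
```

The audience check is what stops an assertion the airline issued for a different partner from being replayed at the hotel.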

See also

* Athens access and identity management
* Digital identity
* Identity Metasystem
* Information Card
* Liberty Alliance
* Shibboleth
* Windows CardSpace
* WS-Federation
* Central Authentication Service
* The Active Directory Federation Services (ADFS) in Windows 2003.


Wikimedia Foundation. 2010.
