==Management==
{{More citations needed section|date=January 2017}}
In information technology (IT), federated identity management (FIdM) amounts to having a common set of policies, practices and protocols in place to manage the identity of, and trust in, IT users and devices across organizations.<ref>http://net.educause.edu/ir/library/pdf/EST0903.pdf {{Webarchive|url=https://web.archive.org/web/20170829201047/http://net.educause.edu/ir/library/pdf/EST0903.pdf |date=2017-08-29 }} 7 things you should know about Federated Identity Management</ref> Single sign-on (SSO) systems allow a single user authentication process across multiple IT systems or even organizations. SSO is a subset of federated identity management, as it relates only to authentication and technical interoperability.

[[Centralized]] identity management solutions were created to help deal with user and data security where the user and the systems they accessed were within the same network – or at least the same "domain of control". Increasingly, however, users are accessing external systems which are fundamentally outside their domain of control, and external users are accessing internal systems. The increasingly common separation of the user from the systems requiring access is an inevitable by-product of the decentralization brought about by the integration of the Internet into every aspect of both personal and business life.

Evolving identity management challenges, and especially the challenges associated with cross-company, cross-domain access, have given rise to a new approach to identity management, known now as "federated identity management".<ref>{{Cite book |chapter=Federated Identity Management Challenges |chapter-url=https://ieeexplore.ieee.org/document/6329187 |access-date=2023-12-11 |doi=10.1109/ares.2012.68 |title=2012 Seventh International Conference on Availability, Reliability and Security |date=2012 |last1=Jensen |first1=Jostein |pages=230–235 |isbn=978-1-4673-2244-7 |s2cid=18145013 }}</ref> FIdM, or the "federation" of identity, describes the technologies, standards and use-cases which serve to enable the portability of identity information across otherwise autonomous security domains. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration.

Identity federation comes in many flavors, including "user-controlled" or "user-centric" scenarios, as well as enterprise-controlled or [[business-to-business]] scenarios. Federation is enabled through the use of open industry standards and/or openly published specifications, such that multiple parties can achieve interoperability for common use-cases. Typical use-cases involve things such as cross-domain, web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management and cross-domain user attribute exchange.

Use of identity federation standards can reduce cost by eliminating the need to scale one-off or proprietary solutions. It can increase security and lower risk by enabling an organization to identify and authenticate a user once, and then use that identity information across multiple systems, including external partner websites. It can improve privacy compliance by allowing the user to control what information is shared, or by limiting the amount of information shared. And lastly, it can drastically improve the end-user experience by eliminating the need for new account registration through automatic "federated provisioning", or the need to redundantly log in, through cross-domain single sign-on.

The notion of identity federation is extremely broad, and also evolving. It could involve user-to-user and user-to-application as well as application-to-application use-case scenarios at both the browser tier and the web services or [[service-oriented architecture]] (SOA) tier. It can involve high-trust, high-security scenarios as well as low-trust, low-security scenarios. The levels of identity assurance that may be required for a given scenario are also being standardized through a common and open [[Identity Assurance Framework]]. It can involve user-centric use-cases, as well as enterprise-centric use-cases. The term "identity federation" is by design a generic term, and is not bound to any one specific protocol, technology, implementation or company.

Identity federations may be bilateral relationships or multilateral relationships. In the latter case, the multilateral federation frequently occurs in a vertical market, such as in law enforcement (such as the National Identity Exchange Federation - NIEF<ref>{{Cite web|url=https://nief.org/|title=National Identity Exchange Federation|website=nief.org|language=en-US|access-date=2018-05-15}}</ref>), and research and education (such as InCommon).<ref>{{Cite web|url=http://incommon.org|title=InCommon: Security, Privacy and Trust for the Research and Education Community|website=incommon.org|access-date=2018-05-15}}</ref> If the identity federation is bilateral, the two parties can exchange the necessary metadata (assertion signing keys, etc.) directly to implement the relationship. In a multilateral federation, the metadata exchange among participants is a more complex issue. It can be handled in a hub-and-spoke exchange or by the distribution of a metadata aggregate by a federation operator.

One thing that is consistent, however, is the fact that "federation" describes methods of identity portability which are achieved in an open, often standards-based manner – meaning anyone adhering to the open specification or standard can achieve the full spectrum of use-cases and interoperability.<ref>{{Cite journal |last=Cabarcos |first=Patricia Arias |date=2013 |title=Dynamic Infrastructure for Federated Identity Management in Open Environments |url=http://rgdoi.net/10.13140/RG.2.1.2918.0962 |language=en |doi=10.13140/RG.2.1.2918.0962}}</ref> Identity federation can be accomplished any number of ways, some of which involve the use of formal Internet standards, such as the [[OASIS (organization)|OASIS]] [[Security Assertion Markup Language]] (SAML) specification, and some of which may involve open-source technologies and/or other openly published specifications (e.g. [[Information Card]]s, [[OpenID]], the [[Higgins trust framework]] or Novell's Bandit project).
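The metadata exchange described above (assertion signing keys, distributed in a multilateral federation as an operator-signed aggregate) and the checks a service provider then performs on an incoming assertion, as an added example that is not part of the article and not the code of any federation or product named in it. It is a Go program that uses the standard library's Ed25519 and JSON packages as a stand-in for SAML's XML signatures and metadata format; the entity identifiers, key pairs and clock value are constructed, and the names `Entity`, `Signed`, `Sign`, `LoadTrust`, `ValidateAssertion` and `RunScenario` are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Entity is one IdP as listed in the operator's metadata aggregate (SP entries omitted here).
type Entity struct {
	EntityID string
	Key      ed25519.PublicKey // the IdP's assertion signing key
}
// Signed is a serialised document plus an Ed25519 signature over it.
type Signed struct{ Body, Sig []byte }

// Assertion is a minimal authentication statement issued by an IdP.
type Assertion struct {
	Issuer, Subject, Audience string
	Expires                   int64 // Unix seconds
}

// Sign serialises v and signs it; the operator signs the aggregate, each IdP its assertions.
func Sign(priv ed25519.PrivateKey, v any) Signed {
	body, _ := json.Marshal(v)
	return Signed{Body: body, Sig: ed25519.Sign(priv, body)}
}

// LoadTrust is the participant side of metadata distribution: refuse an
// aggregate not signed by the operator, then map IdP entity IDs to keys.
func LoadTrust(opPub ed25519.PublicKey, agg Signed) (map[string]ed25519.PublicKey, error) {
	if !ed25519.Verify(opPub, agg.Body, agg.Sig) {
		return nil, errors.New("aggregate signature invalid; metadata not loaded")
	}
	var entities []Entity
	if err := json.Unmarshal(agg.Body, &entities); err != nil {
		return nil, err
	}
	trusted := map[string]ed25519.PublicKey{}
	for _, e := range entities {
		trusted[e.EntityID] = e.Key
	}
	return trusted, nil
}

// ValidateAssertion is the SP side: the key is looked up by the claimed issuer before the
// signature check, so an unregistered issuer never supplies its own key; then audience and expiry.
func ValidateAssertion(trusted map[string]ed25519.PublicKey, self string, now time.Time, sa Signed) (Assertion, error) {
	var a Assertion
	if err := json.Unmarshal(sa.Body, &a); err != nil {
		return a, err
	}
	key, ok := trusted[a.Issuer]
	switch {
	case !ok:
		return a, fmt.Errorf("issuer %q is not a registered IdP", a.Issuer)
	case !ed25519.Verify(key, sa.Body, sa.Sig):
		return a, errors.New("assertion signature invalid")
	case a.Audience != self:
		return a, fmt.Errorf("assertion addressed to %q, not %q", a.Audience, self)
	case !now.Before(time.Unix(a.Expires, 0)):
		return a, errors.New("assertion expired")
	}
	return a, nil
}

// RunScenario wires operator, IdP and SP together with fresh keys and
// constructed entity IDs, and reports which inputs the SP accepted.
func RunScenario() map[string]bool {
	opPub, opPriv, _ := ed25519.GenerateKey(rand.Reader) // key-generation errors ignored: example only
	idpPub, idpPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // held by a non-member of the federation
	const idpID, spID = "https://idp.example.edu", "https://sp.example.org"
	entities := []Entity{{EntityID: idpID, Key: idpPub}}
	trusted, _ := LoadTrust(opPub, Sign(opPriv, entities)) // the genuine, operator-signed aggregate
	now := time.Unix(1700000000, 0)                        // fixed clock so results are reproducible
	good := Assertion{Issuer: idpID, Subject: "alice", Audience: spID, Expires: now.Add(5 * time.Minute).Unix()}
	unknown, other, stale := good, good, good
	unknown.Issuer, other.Audience, stale.Expires = "https://idp.rogue.example", "https://other.example", now.Add(-time.Minute).Unix()
	cases := map[string]Signed{
		"valid":          Sign(idpPriv, good),
		"unknown_issuer": Sign(roguePriv, unknown),
		"forged_issuer":  Sign(roguePriv, good), // claims idpID without holding its key
		"wrong_audience": Sign(idpPriv, other),
		"expired":        Sign(idpPriv, stale),
	}
	results := map[string]bool{}
	for name, sa := range cases {
		_, err := ValidateAssertion(trusted, spID, now, sa)
		results[name] = err == nil
	}
	_, err := LoadTrust(opPub, Sign(roguePriv, entities)) // not operator-signed: must never be loaded
	results["rogue_aggregate_rejected"] = err != nil
	return results
}
func main() { fmt.Println(RunScenario()) }
```

Only the "valid" case is accepted; every other case is refused by exactly one of the checks, and the aggregate signed by the non-member's key is refused before any of its entries can enter the trust map. In a bilateral federation the two parties would exchange the `Entity` records directly instead of through the operator's signed aggregate, and the SP-side checks stay the same.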