This is an old revision of this page, as edited by 69.91.145.223 (talk) at 03:21, 5 October 2006 (insert eWeek article about Federated Identity Management). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
Revision as of 03:21, 5 October 2006 by 69.91.145.223 (talk) (insert eWeek article about Federated Identity Management)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)In information technology, federated identity has two general meanings:
- The virtual reunion, or assembled identity, of a person's user information (or principal), stored across multiple distinct identity management systems. Data is joined together by use of the common token, usually the user name.
- The process of a user's authentication across multiple IT systems or even organizations.
For example, a traveler could be a flight passenger as well as a hotel guest. If the airline and the hotel use a federated identity management system, this means that they have a contracted mutual trust in each other's authentication of the user. The traveler could identify themselves once as a customer for booking the flight and this identity can be carried over to be used for the reservation of a hotel room.
Reference article from eweek.com
What's Federated Identity Management?
http://www.eweek.com/article2/0,4149,1378436,00.asp
November 10, 2003
By David F. Carr, Baseline
What is it? A system that allows individuals to use the same user name, password or other personal identification to sign on to the networks of more than one enterprise in order to conduct transactions.
How is it used? Partners in a Federated Identity Management (FIM) system depend on each other to authenticate their respective users and vouch for their access to services. That allows, for example, a sales representative to update an internal forecast by pulling information from a supplier's database, hosted on the supplier's network.
Why is it necessary? So that companies can share applications without needing to adopt the same technologies for directory services, security and authentication. Within companies, directory services such as Microsoft's Active Directory or products using the Lightweight Directory Access Protocol have allowed companies to recognize their users through a single identity. But asking multiple companies to match up technologies or maintain full user accounts for their partners' employees is unwieldy. FIM allows companies to keep their own directories and securely exchange information from them.
How does it work? A company must trust its partners to vouch for their users. Each participant must rely on each partner to say, in effect, "This user is OK; let them access this application." Partners also need a standard way to send that message, such as one that uses the conventions of the Security Assertion Markup Language (SAML). SAML allows instant recognition of whether the prospective user is a person or a machine, and what that person or machine can access. SAML documents can be wrapped in a Simple Object Access Protocol message for the computer-to-computer communications needed for Web services. Or they may be passed between Web servers of federated organizations that share live services.
Who is using it? Early adopters include American Express, Boeing, General Motors and Nokia. Another, Proctor & Gamble, had improvised its own federated-identity system using the more generic eXtensible Markup Language but is now moving to adopt SAML.
Are the standards solid? They're getting there. SAML is backed by the Organization for the Advancement of Structured Information Standards (OASIS). The Liberty Alliance, an industry group formed to promote federated-identity standards, has adopted SAML 1.1 as part of its application framework. Microsoft and IBM have proposed an alternative specification called WS-Security. But Dan Blum, a technology analyst with the Burton Group of Midvale, Utah, believes that OASIS may try to make these two approaches converge in SAML 2.0.
What are the challenges? Trusting a partner to authenticate its own users is a good thing only if that partner has solid security and user-management practices. Also, while some Web access-management products now support SAML, implementing the technology still commonly requires customization to integrate applications and develop user interfaces.
Comment
See discussion for elaboration about other meanings.
See also
This computing article is a stub. You can help Misplaced Pages by expanding it. |