Federation Basics

A federation is a collection of organizations that have agreed to interoperate using a common set of rules, particularly in the areas of privacy and security. Because of these agreements, federation members do not have to negotiate individually with every other member. Federations also agree on standard methods for authentication and authorization, using single sign-on technology.

Federations include Identity Providers (IdPs) and Service Providers (SPs). IdPs maintain identity databases and authenticate users. SPs protect an online resource and authorize users. Because of the federation trust agreements, an Identity Provider releases only the information the Service Provider needs to make an authorization decision. The Service Provider does not need to maintain its own user database; instead it relies on the IdP’s identity system.

Federations will usually define a trust fabric, provide a set of agreed-on attributes used for exchanging information, offer software to enable authentication and authorization, and distribute the metadata necessary for interoperability.

Federation participants use some type of SAML-based federating and single sign-on software. Shibboleth, open-source software developed by Internet2, is a popular choice, but there are others. There are also companies that provide consulting and turn-key solutions for federated identity management.
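To make the attribute-release and metadata points above concrete, here is an added example (not code from InCommon, Shibboleth or this page) that reads a constructed SAML 2.0 SP metadata fragment, takes the attributes the SP says it needs, and releases only those that the IdP's per-SP policy permits. The entityID, the release policy and the user record are constructed for illustration; the attribute OIDs are the standard eduPerson and LDAP ones.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata (hypothetical entityID). The SP declares which
# attributes it wants via RequestedAttribute elements.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example Library Service</md:ServiceName>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
          FriendlyName="eduPersonScopedAffiliation" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3"
          FriendlyName="mail" isRequired="false"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.42"
          FriendlyName="givenName" isRequired="false"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed IdP release policy: which attributes this IdP has agreed to
# release to which SP (keyed by the SP's entityID).
RELEASE_POLICY = {
    "https://sp.example.edu/shibboleth": {"eduPersonScopedAffiliation", "mail"},
}

# Constructed user record as the IdP would resolve it after authentication.
USER = {
    "eduPersonScopedAffiliation": "member@idp.example.edu",
    "mail": "jdoe@idp.example.edu",
    "givenName": "Jane",
    "sn": "Doe",
}

def requested_attributes(metadata_xml):
    """Return {FriendlyName: isRequired} from the SP's AttributeConsumingService."""
    root = ET.fromstring(metadata_xml)
    return {ra.get("FriendlyName"): ra.get("isRequired") == "true"
            for ra in root.iterfind(".//md:RequestedAttribute", NS)}

def release(metadata_xml, user, policy):
    """Release only attributes the SP requested AND the policy permits for it.
    Also report required attributes the SP will not receive, so the operator
    can see that the SP's access will fail before the user hits the error."""
    entity_id = ET.fromstring(metadata_xml).get("entityID")
    wanted = requested_attributes(metadata_xml)
    permitted = policy.get(entity_id, set())
    released = {a: v for a, v in user.items() if a in wanted and a in permitted}
    missing_required = sorted(a for a, req in wanted.items() if req and a not in released)
    return released, missing_required
```

Attributes the SP never asked for (such as `sn` here) are never released, even if the policy would have allowed them.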

Ready the Pipes

A Campus Technology report on why now is the time to get your identity management infrastructure in place; federating is a key part of that strategy.

Benefits of Federating

Benefits of Federating (from InCommon)

Benefits of Federating (from the U.K.)

Need Help?

Do limits on time, resources, or expertise have you stymied? Several companies provide either consulting or turn-key solutions for either identity management or federated IdM, or both. InCommon Affiliates support the federation and have expertise and solutions that you may find valuable.