Federated identity

from Wikipedia, the free encyclopedia

A federated identity is a "summarized" identity that extends over several systems. Identity information is often held and used in different systems. For example, if company A always orders its PCs from company B, then the persons who place orders and their roles are defined in company A. Company B, however, specifies which orders may be placed by which role. Identity information from both companies must be combined to process an order. The information is usually exchanged with the help of SAML.

Advantages

The advantage of the federated approach to identity management in networked environments such as the Internet is that the actual information always remains where it is. Instead of building huge central databases, federated identities only ensure uniform data standards, on the basis of which information can be shared when necessary.

Functionality

To this end, the participants form "Circles of Trust" that agree on technical standards and common organizational rules. Citizens equipped with the appropriate access rights (for example, with a digital signature) can move within such a circle of trust without having to log in and identify themselves each time. The information about what someone is and is not allowed to do remains stored in the respective systems of the individual circle members. The federated system is completely transparent and verifiable and meets the social demand for informational self-determination.

In practice this means that a user who has been identified by a participating and trustworthy body can access content and services without having to identify himself again each time. Since the user himself retains control over which information about him can be viewed by whom, and over which authorizations and attributes are exchanged between the parties involved, data protection concerns are taken into account to a greater degree than is often the case in today's networked systems. Federated identities thus contribute to more openness and more security at the same time.
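The company A / company B ordering case from the introduction and the circle-of-trust check described in this section can be sketched as follows; this is an added example, not code from the article or from any federation product. It assumes a JSON assertion protected by an HMAC key agreed between the two companies as a stand-in for a signed SAML assertion, and all issuer names, keys, roles and limits are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed sample data: issuer names, keys, roles and limits are hypothetical.
# Company B's circle of trust: issuers it accepts and the key agreed with each.
TRUSTED_ISSUERS = {"https://idp.company-a.example": b"key-agreed-between-a-and-b"}
AUDIENCE = "https://orders.company-b.example"
# Authorization stays at company B: maximum order value per asserted role.
ROLE_ORDER_LIMIT = {"purchaser": 5_000, "purchasing-manager": 50_000}


def issue_assertion(issuer, key, subject, role, audience, now, ttl=300):
    """Company A side: state who the user is and which role they hold."""
    claims = {"iss": issuer, "sub": subject, "role": role,
              "aud": audience, "nbf": now, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True)
    # Assumption: HMAC-SHA256 stands in for the signature on a SAML assertion.
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def authorize_order(assertion, amount, now):
    """Company B side: verify the assertion, then apply B's own role policy."""
    body = assertion.get("body") if isinstance(assertion, dict) else None
    try:
        claims = json.loads(body) if isinstance(body, str) else None
    except ValueError:
        claims = None
    if not isinstance(claims, dict):
        return False, "malformed assertion"
    iss = claims.get("iss")
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None:
        return False, "issuer outside circle of trust"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(assertion.get("sig")).encode()):
        return False, "bad signature"
    if claims.get("aud") != AUDIENCE:
        return False, "wrong audience"
    if not claims.get("nbf", now + 1) <= now < claims.get("exp", 0):
        return False, "outside validity window"
    limit = ROLE_ORDER_LIMIT.get(claims.get("role"))
    if limit is None or amount > limit:
        return False, "role not permitted for this order"
    return True, "order accepted for " + claims["sub"]
```

Company B never stores company A's users: it keeps only the list of trusted issuers and its own role policy, and rejects assertions that are altered, expired, addressed to another service, or issued from outside the circle.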

Liberty Alliance, Kantara Initiative

Federated identity was still a new concept in 2001 and was felt by many to be revolutionary. Since then, however, its implementation has come a long way. Leading the way was the so-called Liberty Alliance, an association that has since grown to more than 150 important IT and telecommunications companies on the one hand and international, national and transnational organizations on the other.

Since 2009, the successor organization of the Liberty Alliance has been the Kantara Initiative, which also deals with further aspects such as trust frameworks, consent receipts and data protection.

Implementations

Federations have emerged in different areas, such as science and research, eIDs in the public sector, eIDAS and, in the high-security area, the SAFE-BioPharma PKI Bridge.
