Talk:Federated identity


Liberty Alliance only example


The example given is of the definition that originated with the Liberty Alliance.

Here's an elaboration of the other concept of federated identity that has appeared in the Internet2 community and elsewhere. The higher education federation (for example) is a group of organizations (universities) that agree to accept and trust each other's local authentication process. That is, each university manages the credentials of its own population but also needn't manage the credentials of potential visitors from elsewhere.

Federation is something that organizations do; they join a federation. They agree about some things (e.g. that they will trust each other), but also agree to disagree about other matters (e.g. precisely how the credentialing process is performed at each institution and precisely how credentials are verified at each institution).

The Liberty Alliance definition is really more about something that users do. Each user agrees that their identity information can be shared among organizations of their choosing.


I suggest linking information about Eduroam - the federated identity system in use in Europe, Australia and Canada —Preceding unsigned comment added by 129.100.113.215 (talk) 12:57, 15 October 2008 (UTC)

I suggest adding links to Edugain (it federates federations) and to simpleSAMLphp (I'm trying to add the article to the wiki). Blink0gmailcom (talk) 00:58, 19 November 2008 (UTC)

Centralised identity or federated


The definition of “federated identity” cited says this:

When a user affiliated with a member of a federation requests a protected resource from another member organization, the user is prompted for identifying information including his “home” organization. This request is passed to the home organization, which verifies the user’s credentials and asserts to the requesting organization that the user has been authenticated.

This is contradicted by the examples of centralised identity providers, where the user is *not* prompted for their choice of provider: only an explicitly-supported specific provider can be used.

So it is not sufficient to have “a common set of policies, practices and protocols in place to manage the identity and trust into IT users and devices across organizations” as the article currently states. Crucial to a *federated* system is surely that the parties do not need to approve on a party-by-party basis, but only that the party is a participant in the federation.

This would mean that systems prompting for *explicitly* an exclusive set of identity providers – e.g. Facebook, Google, GitHub – are by definition not federated identity systems, but centralised-identity systems.

220.245.37.174 (talk) 08:50, 24 August 2016 (UTC)
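The exchange in the quoted definition (user names a home organisation, the home organisation verifies the credentials, the relying party accepts the assertion because the issuer is a federation member) and the contrast with a hard-coded provider list drawn in the comment above, as an added example that is not part of this talk page or of any federation's software. It also covers the point made in the first thread: each home organisation checks its own users however it likes, and the relying party only trusts the federation's published key for that organisation. Everything in it is constructed: the organisation names, the `idp.<org>.example` naming convention, the per-IdP keys, and the HMAC "signature", which stands in for the signed SAML metadata and XML signatures a real federation uses.

```python
"""Toy model of federated vs centralised identity (added example, constructed data)."""
import hashlib
import hmac
import json

# Constructed federation metadata: every member IdP and the key the federation
# distributes for it. In the federated model, presence in this registry is the
# only per-organisation approval a service provider relies on.
FEDERATION_METADATA = {
    "idp.university-a.example": b"key-for-university-a",
    "idp.university-b.example": b"key-for-university-b",
}


class IdentityProvider:
    """Home organisation: checks its own users' credentials and asserts the
    result. How it checks them is its own business (the 'agree to disagree'
    part of federation)."""

    def __init__(self, entity_id, key, users):
        self.entity_id = entity_id
        self.key = key
        self.users = users  # {username: password}; constructed sample data

    def authenticate(self, username, password, audience):
        """Return an assertion signed for the given SP, or None on failure."""
        if self.users.get(username) != password:
            return None
        payload = json.dumps(
            {"issuer": self.entity_id, "subject": username, "audience": audience},
            sort_keys=True,
        )
        sig = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "sig": sig}


class ServiceProvider:
    """Relying party. trusted_idps=None means 'any federation member';
    a fixed set of entity ids models the centralised style, where only an
    explicitly supported provider can be used."""

    def __init__(self, entity_id, federation, trusted_idps=None):
        self.entity_id = entity_id
        self.federation = federation
        self.trusted_idps = trusted_idps

    def discover(self, home_org):
        """The 'prompted for home organisation' step. Returns the IdP entity id
        the user will be sent to, or None if that organisation is not accepted."""
        entity_id = f"idp.{home_org}.example"  # constructed naming convention
        if self.trusted_idps is not None and entity_id not in self.trusted_idps:
            return None  # centralised: provider must be on the hard-coded list
        if entity_id not in self.federation:
            return None  # federated: provider must be a federation member
        return entity_id

    def verify(self, assertion):
        """Check the signature with the key the federation publishes for the
        claimed issuer, never with anything the issuer supplied itself."""
        payload = json.loads(assertion["payload"])
        if payload.get("audience") != self.entity_id:
            return False  # assertion issued for a different SP (replay)
        issuer = payload.get("issuer")
        if self.trusted_idps is not None and issuer not in self.trusted_idps:
            return False
        key = self.federation.get(issuer)
        if key is None:
            return False  # issuer is not in the federation metadata
        expected = hmac.new(key, assertion["payload"].encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, assertion["sig"])


def request_resource(sp, idps, home_org, username, password):
    """Run the whole exchange for one user and report where it stops."""
    entity_id = sp.discover(home_org)
    if entity_id is None:
        return "denied: home organisation not accepted by this SP"
    assertion = idps[entity_id].authenticate(username, password, sp.entity_id)
    if assertion is None:
        return "denied: home organisation rejected the credentials"
    if not sp.verify(assertion):
        return "denied: assertion failed verification"
    return f"granted: {username} authenticated by {entity_id}"


# Constructed deployment: two member IdPs, a federated SP and a centralised SP.
IDPS = {
    eid: IdentityProvider(eid, key, users)
    for (eid, key), users in zip(FEDERATION_METADATA.items(),
                                 [{"alice": "pw-a"}, {"bob": "pw-b"}])
}
FEDERATED_SP = ServiceProvider("sp.library.example", FEDERATION_METADATA)
CENTRALISED_SP = ServiceProvider("sp.shop.example", FEDERATION_METADATA,
                                 trusted_idps={"idp.university-a.example"})

if __name__ == "__main__":
    print(request_resource(FEDERATED_SP, IDPS, "university-b", "bob", "pw-b"))
    print(request_resource(CENTRALISED_SP, IDPS, "university-b", "bob", "pw-b"))
```

The two `print` calls show the distinction the comment draws: the federated SP grants bob from university-b without ever having been configured for university-b, while the centralised SP, which holds the same federation metadata, refuses the same user because university-b is not on its explicit list. An IdP that merely claims a member's entity id fails `verify`, because the key comes from the federation's metadata rather than from the assertion.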