The concepts of ‘Single Sign On’ and ‘Identity Management’ are the roots of Federated Identity Management. These concepts are essential to fully understand “Federated Identity Management”.
“Identity management” is the process of authenticating and authorizing individuals at different levels within an organization in order to allow them access to the right amount of resources on different applications and systems.
“Single sign-on” aims to reduce the password fatigue caused by repeatedly entering a ‘username/password’ combination. The traditional ‘username/password’ combination is still the best way to authenticate an individual, yet it is not uncommon for someone to forget a password at least once.
This is where the idea of ‘Single Sign On’ comes in. A single username and password combination can be used for multiple applications and third-party apps within a single organization. This concept is best illustrated by ‘Google’. You will automatically be logged in to ‘YouTube,’ ‘Google Drive,’ ‘Google Photos’, Google Maps, and other services if you have a Google account.
Federated identity management
“Federated Identity Management” is an extension of the “SSO concept”, i.e. the concept of “Single Sign On”. Again, the main idea is to spare the user from entering and re-entering their ‘username/password’ combination across multiple sites. Federated identity management uses the user’s login credentials to authenticate first. This authenticated information is then shared across multiple domains so that the user can access different resources and applications smoothly and efficiently. The user is only required to authenticate once, and can then sign on to the other participating sites.
Two sites can be considered ‘federated’ if users authenticate on one site and are able to access resources on the other site quickly and effectively without having to re-authenticate.
Benefits of using “federated identity management”
As stated above, the primary goal of federated identity management is to make it easy for end-users.
It also reduces administrative overhead, because administrators no longer have to manage multiple accounts and different ‘username/password’ combinations for the same user.
Participating organizations also benefit from substantial cost savings.
SAML, OpenID, and OAuth:
There are many federated identity standards, such as SAML (Security Assertion Markup Language), OpenID, and OAuth. These standards are so ubiquitous that most of us have used them online without knowing it, and they continue to be updated. Here are some details about SAML, OpenID, and OAuth.
SAML:
SAML (pronounced “sam-el”) is an XML-based standard for authentication and authorization. SAML 1.0 was introduced in 2001, and the latest version, 2.0, was released in 2005. SAML is best suited to enterprise applications that need a single sign-on.
SAML usage consists of three components: assertions, protocols, and bindings. The principal, the identity provider, and the service provider are the three roles in SAML.
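To make the three roles concrete, here is an added example (not code from the original article) of the checks a service provider performs on a SAML 2.0 assertion before trusting it: the issuer must be the identity provider it trusts, the audience must be the service provider itself, and the validity window must contain the current time. The assertion, issuer and entity IDs are constructed placeholders, and the example assumes the XML signature has already been verified with the identity provider’s certificate.

```python
# Assumed: signature verification has already been done by a SAML library;
# this only checks the assertion fields that bind principal, IdP and SP.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion with placeholder issuer, subject and audience.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>bob@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC in ISO 8601 form with a trailing "Z".
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, trusted_issuer, my_entity_id, now):
    """Return the principal's NameID if the assertion is acceptable, else raise."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:  # only the IdP we federate with may vouch for users
        raise ValueError(f"untrusted issuer: {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion is outside its validity window")
    audiences = [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if my_entity_id not in audiences:  # an assertion meant for another SP is not ours to accept
        raise ValueError(f"assertion not addressed to {my_entity_id}")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("assertion has no Subject NameID")
    return name_id

def check_sample(now_iso, my_entity_id="https://sp.example.com"):
    """Run the sample assertion against the trusted IdP at a given instant."""
    try:
        return validate_assertion(SAMPLE_ASSERTION, "https://idp.example.org", my_entity_id, _ts(now_iso))
    except ValueError as err:
        return f"rejected: {err}"
```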
The ‘Principal’ is the end user (e.g. Bob) who requests the services of a ‘service provider’ (e.g. Facebook.com). The ‘Identity provider’ validates the user and acts as a trusted intermediary between organizations. Many organizations accept the ‘Aadhaar card’ as trusted identification: we are not required to identify ourselves again once we have presented the ‘Aadhaar card’. In
