Primer: Federated Identity Management

By David F. Carr  |  Posted 2003-11-03 Email Print this article Print
 
 
 
 
 
 
 

Federated identity management allows companies with different technologies to share applications.

What is it? A system that allows individuals to use the same user name, password or other personal identification to sign on to the networks of more than one enterprise in order to conduct transactions.

How is it used? Partners in a Federated Identity Management (FIM) system depend on each other to authenticate their respective users and vouch for their access to services. That allows, for example, a sales representative to update an internal forecast by pulling information from a supplier's database, hosted on the supplier's network.

Why is it necessary? So that companies can share applications without needing to adopt the same technologies for directory services, security and authentication. Within companies, directory services such as Microsoft's Active Directory or products using the Lightweight Directory Access Protocol have allowed companies to recognize their users through a single identity. But asking multiple companies to match up technologies or maintain full user accounts for their partners' employees is unwieldy. FIM allows companies to keep their own directories and securely exchange information from them.

How does it work? A company must trust its partners to vouch for their users. Each participant must rely on each partner to say, in effect, "This user is OK; let them access this application." Partners also need a standard way to send that message, such as one that uses the conventions of the Security Assertion Markup Language (SAML). SAML allows instant recognition of whether the prospective user is a person or a machine, and what that person or machine can access. SAML documents can be wrapped in a Simple Object Access Protocol message for the computer-to-computer communications needed for Web services. Or they may be passed between Web servers of federated organizations that share live services.

Who is using it? Early adopters include American Express, Boeing, General Motors and Nokia. Another, Proctor & Gamble, had improvised its own federated-identity system using the more generic eXtensible Markup Language but is now moving to adopt SAML.

Are the standards solid? They're getting there. SAML is backed by the Organization for the Advancement of Structured Information Standards (OASIS). The Liberty Alliance, an industry group formed to promote federated-identity standards, has adopted SAML 1.1 as part of its application framework. Microsoft and IBM have proposed an alternative specification called WS-Security. But Dan Blum, a technology analyst with the Burton Group of Midvale, Utah, believes that OASIS may try to make these two approaches converge in SAML 2.0.

What are the challenges? Trusting a partner to authenticate its own users is a good thing only if that partner has solid security and user-management practices. Also, while some Web access-management products now support SAML, implementing the technology still commonly requires customization to integrate applications and develop user interfaces.

 
 
 
 
David F. Carr David F. Carr is the Technology Editor for Baseline Magazine, a Ziff Davis publication focused on information technology and its management, with an emphasis on measurable, bottom-line results. He wrote two of Baseline's cover stories focused on the role of technology in disaster recovery, one focused on the response to the tsunami in Indonesia and another on the City of New Orleans after Hurricane Katrina.David has been the author or co-author of many Baseline Case Dissections on corporate technology successes and failures (such as the role of Kmart's inept supply chain implementation in its decline versus Wal-Mart or the successful use of technology to create new market opportunities for office furniture maker Herman Miller). He has also written about the FAA's halting attempts to modernize air traffic control, and in 2003 he traveled to Sierra Leone and Liberia to report on the role of technology in United Nations peacekeeping.David joined Baseline prior to the launch of the magazine in 2001 and helped define popular elements of the magazine such as Gotcha!, which offers cautionary tales about technology pitfalls and how to avoid them.
 
 
 
 
 
 

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters



















 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date