Federated identity management (FIM) is
an arrangement that can be made between multiple enterprises to let subscribers
use the same identification data to obtain access to the networks of all the
enterprises in the group. The use of such a system is sometimes called identity
federation.
Identity federation links a user's
identity across multiple security domains, each supporting its own identity
management system. When two domains are federated, the user can
authenticate to one domain and then access resources in the other domain
without having to perform a separate login process.
Identity federation offers economic advantages, as well as convenience, to
enterprises and their network subscribers. For example, multiple corporations
can share a single application, resulting in cost-savings and consolidation of
resources.
Single sign-on (SSO) is an important component of identity
federation, but it is not the same as identity federation.
Identity federation covers a broad set of user-to-user,
user-to-application and application-to-application use cases, both at the browser tier
(web single sign-on, where the service provider redirects the user to the identity provider
and back) and at the service-oriented architecture tier (services calling one another with
federated tokens rather than shared passwords).
In order for FIM to be effective, the partners must establish mutual
trust, and that trust has to be concrete: each partner publishes its entity identifier and
signing certificate or key in federation metadata, and a relying party accepts an assertion
only if it is signed by a key it has registered for that issuer. Authentication and attribute
assertions between partners in an FIM system are typically carried in Security Assertion
Markup Language (SAML), an OASIS XML standard, or in JSON-based tokens such as OpenID Connect
ID tokens; either lets a user log on once for affiliated but separate websites or networks.
Examples of FIM systems include OpenID Connect and Shibboleth, which is based on
OASIS SAML. OAuth 2.0 is often listed alongside them, but on its own it is an
authorization-delegation framework rather than an identity protocol; OpenID Connect adds the
identity layer on top of it.
How federated identity management works
Under a federated identity management
scheme, credentials are stored with the user's identity provider -- usually the
user's home organization. Then, when logging into a service such as a
software-as-a-service app, that user does not need to provide credentials to
the service provider: The service provider trusts the identity provider to
validate the user's credentials. Consequently, the user only has to provide
credentials directly to the identity provider, which is generally the user's
home domain.
Under identity federation, the user
authenticates once through the home domain; when that user initiates sessions
in other security domains, those domains trust the user's home domain in order
to authenticate the user.
Here is how FIM works:
- Users log in to their home network, authenticating through the home security domain.
- After they have authenticated to the home domain, users initiate an attempt to log in to a remote application that uses identity federation.
- Instead of authenticating directly with the remote application, that application redirects the user to their home authentication server (the identity provider) with a request for an assertion about the user.
- The home authentication server, seeing that the user already holds a valid session, issues a signed assertion (a SAML assertion or an OpenID Connect ID token) that names the user and the remote application as its intended audience. The remote application verifies the signature against the key it holds for that identity provider, checks the issuer, audience and validity period, and only then grants access, applying its own authorization rules to the federated identity.
The user only needs to authenticate
once, to the home domain; remote apps in other security domains that have
agreed to cooperate are then able to grant access to the user without requiring
an additional login process.
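The four-step flow above, as an added worked example that is not part of the original article and not the code of any real product: a home identity provider and two partner service providers simulated in Python with only the standard library. The issuer URLs, usernames, passwords and the shared signing key are constructed for illustration, and an HMAC-SHA256 over a base64url JSON payload stands in for the XML or JWT signature a real SAML or OpenID Connect deployment would use. What it shows is what "the domains trust the user's home domain" has to mean at the relying party: a registered issuer key, a valid signature, the right audience, an unexpired validity window and no replay. demo() runs the happy path and then the cases a partner must reject.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

HOME_ISSUER = "https://idp.home.example"    # constructed identifiers for this example only
HOME_KEY = b"home-idp-signing-key"          # shared with partners out of band (federation metadata)


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:  # home domain: the only party that ever sees the password; signs assertions
    def __init__(self, issuer, key):
        self.issuer, self._key, self._users, self._sessions = issuer, key, {}, {}

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def login(self, user, password):  # step 1: authenticate once, at home
        salt, digest = self._users.get(user, (b"", b""))
        if not hmac.compare_digest(digest, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)):
            return None
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = user
        return sid

    def issue_assertion(self, sid, audience, request_id, ttl=300):  # step 3
        user = self._sessions.get(sid)
        if user is None:
            return None
        now = int(time.time())
        claims = {"iss": self.issuer, "sub": user, "aud": audience,
                  "in_response_to": request_id, "iat": now, "exp": now + ttl}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        return body + "." + _b64(hmac.new(self._key, body.encode(), hashlib.sha256).digest())


class ServiceProvider:  # partner domain: trusts the issuers in its metadata and validates what they sign
    def __init__(self, entity_id, trusted):
        self.entity_id, self._trusted = entity_id, dict(trusted)  # issuer -> verification key
        self._pending, self._seen = set(), set()                  # open request ids; replay guard

    def start_login(self):  # step 2: the user arrives holding no credentials for us
        rid = secrets.token_urlsafe(16)
        self._pending.add(rid)
        return rid

    def consume_assertion(self, assertion, now=None):  # step 4: what "trusting the IdP" means
        now = int(time.time()) if now is None else now
        try:
            body, sig = assertion.split(".")
            claims, sig_bytes = json.loads(_unb64(body)), _unb64(sig)
            key = self._trusted.get(claims.get("iss"))
        except (AttributeError, ValueError):
            return False, "malformed"
        if key is None:
            return False, "untrusted issuer"
        if not hmac.compare_digest(hmac.new(key, body.encode(), hashlib.sha256).digest(), sig_bytes):
            return False, "bad signature"
        if claims.get("aud") != self.entity_id:
            return False, "wrong audience"
        if now >= claims.get("exp", 0):
            return False, "expired"
        if assertion in self._seen:
            return False, "replayed"
        if claims.get("in_response_to") not in self._pending:
            return False, "unsolicited"
        self._pending.discard(claims["in_response_to"])
        self._seen.add(assertion)
        return True, claims["sub"]


def demo():
    """Happy path plus the failure modes a partner must reject; returns case -> outcome."""
    home = IdentityProvider(HOME_ISSUER, HOME_KEY)
    home.register("alice", "correct horse battery staple")
    app = ServiceProvider("https://app.partner.example", {HOME_ISSUER: HOME_KEY})
    other = ServiceProvider("https://other.partner.example", {HOME_ISSUER: HOME_KEY})
    results = {"bad_password": home.login("alice", "wrong") is None}
    sid = home.login("alice", "correct horse battery staple")
    assertion = home.issue_assertion(sid, app.entity_id, app.start_login())
    results["happy"] = app.consume_assertion(assertion)
    results["replay"] = app.consume_assertion(assertion)
    results["wrong_sp"] = other.consume_assertion(assertion)  # aud names app, not other
    body, sig = assertion.split(".")
    tampered = dict(json.loads(_unb64(body)), sub="admin")    # edit the subject, keep the old signature
    results["forged"] = app.consume_assertion(_b64(json.dumps(tampered, sort_keys=True).encode()) + "." + sig)
    late = home.issue_assertion(sid, app.entity_id, app.start_login())
    results["expired"] = app.consume_assertion(late, now=int(time.time()) + 3600)
    rogue = IdentityProvider("https://idp.evil.example", b"attacker-key")  # absent from app's metadata
    rogue.register("mallory", "pw")
    results["rogue_idp"] = app.consume_assertion(
        rogue.issue_assertion(rogue.login("mallory", "pw"), app.entity_id, app.start_login()))
    return results
```

Call demo() and inspect the returned dictionary. The wrong_sp case is the one most often missed in real deployments: the assertion is perfectly valid, correctly signed by a trusted issuer, and only the audience check stops a partner from accepting a token that was issued for a different partner. The request id carried in in_response_to is the equivalent of a SAML InResponseTo or an OpenID Connect nonce; without it an attacker can inject an assertion the service provider never asked for.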
Benefits of federated identity management
Identity federation offers economic
benefits, as well as convenience, to companies and their users.
Organizations working together on a
project can form an identity federation so that all of their users can access
and share resources easily. Doing so authenticates users once to access
resources across all the domains, while administrators at each organization can
still control the level of access in their own domains. This approach can save
money, as well as consolidate resources.
In addition, identity federation aims
to do away with the barriers that stop users from accessing the resources they
need when they need them securely and easily. Users of systems in identity
federations don't have to create new accounts for each domain, which means they
can securely access systems in different domains without having to remember
credentials for all of them. As they move from one domain to another, users
don't have to re-enter their credentials.
Additionally, with identity federation,
administrators can avoid some of the issues that go along with balancing
multi-domain access, such as developing a specific system to make it easy to
access the resources of an external organization.
Identity federation can also be useful
when administering applications that need access to resources in multiple
security domains.
Differences between FIM and SSO
Although federated identity management
systems provide their users with a form of single sign-on, FIM and SSO are not
the same. SSO generally enables users to use a single set of credentials to
access multiple systems within a single organization, while FIM enables users
to access systems across different organizations.
While federated identity management
enables single sign-on for users, organizations that implement SSO do not necessarily
use FIM. Identity federation, however, relies heavily on SSO technologies to
authenticate users across domains.
Single sign-on offers users the ability
to authenticate themselves once and then access multiple services without logging in again.
After that initial login, SSO is token-based: the user's software presents a session token or
ticket (a Kerberos ticket or a signed session cookie, for example) to each service rather
than the password, so the password is exposed to a single authentication point.
Federated identity management is the
arrangement made between enterprises that enables subscribers to use the same
identification information to gain access to applications, programs and the
networks of all the group's members.
While SSO lets a single authentication
credential access different systems within one enterprise, an FIM system offers
single-step access to numerous systems across different organizations. Users,
therefore, don't provide credentials directly to a partner's web app, but only to their
own identity provider; the web app receives a signed assertion about the user and never
sees the password.
Advantages and disadvantages of FIM
The main advantage FIM offers to users
is convenience: each user only needs to remember one username and password to
access websites and applications across multiple security domains. FIM frees
users from the burden of having to remember login credentials for each
organization they collaborate with regularly.
FIM also benefits systems
administrators, as it simplifies the process of authenticating and authorizing
users of their systems within the federation. With federated identity
management, a system administrator can set permissions and access levels across
different systems in different security domains for a user based on a single
federated identifier and the attributes (such as group membership) the identity provider
asserts about it, rather than maintaining a separate account in each domain. This reduces
a system admin's work, makes identity and access management easier, and streamlines
access to resources.
There are also some disadvantages to
using federated identity management, including the upfront costs that
organizations -- particularly smaller ones -- will incur to modify their
existing systems and applications.
Another challenge when implementing
federated identity management frameworks is the necessity for participating
members of the federation to create policies that adhere to the security
requirements of all the members -- an undertaking that can be complicated by
different requirements and rules set by each enterprise.
Finally, because an organization can be
a member of different federations, its policies should accurately reflect the
rules of each federation it belongs to. Ensuring this is the case requires a
commitment of time and effort that many enterprises may not be prepared for.
Federation also concentrates risk: the identity provider becomes a single point of
compromise, because an attacker who steals its signing key, or who can authenticate there
as a user, can reach every relying party that trusts it. The provider's key management and
account security therefore deserve more scrutiny than any single application's.