
	Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > What is federated identity management?

Ask The Security Expert: Questions & Answers

EMAIL THIS

What is federated identity management?

EXPERT RESPONSE FROM: Joel Dubin

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 20 June 2006
What is federated identity management?

EXPERT RESPONSE
Federated identity management is the unification of different authentication systems, so users can log on to different systems using the same authentication credentials.This sounds a lot like single sign-on (SSO) systems, where users to log on to multiple systems with a single user ID and password and the SSO system manages accessing each application from there.

SSO is only one type of federated ID management. There are other more notable systems, such as one-time password (OTP) tokens. OTPs are gaining popularity as a two-factor authentication method for financial Web sites that need to comply with the Federal Financial Institutions Examination Council (FFIEC) directive, which states that all financial Web sites who participate in high-risk transactions must use two-factor authentication to secure customer information.

An OTP token generates a random PIN number every 30 or 60 seconds, which the user enters in addition to their user ID and password to log on to a system, like a Web site. The OTP provides an extra layer of protection, as it's nearly impossible to crack that ever-changing PIN number. Therefore, even if the user ID and password are stolen or sniffed off the network, the OTP still blocks access, malicious or otherwise.

If the OTP's popularity continues to increase, customers could find themselves carrying a key ring full of tokens, one for each of their banks, credit cards or other financial Web sites. The goal of federated identity management is to stop that. In an ideal world, users would carry one token to access all their systems, no matter who ran it.

Federated ID management is still in its infancy. It's been slow to take off, partly because competing companies and financial institutions would have to agree on a unified standard and IT architecture for such a system. There are initiatives in progress, some working to create standards across different companies. Two of the most famous are the Microsoft Passport initiative and the Liberty Alliance. IBM is also developing one for the private sector and OASIS is developing a federated identity solution for Web services.

MORE INFORMATION:

Attend this on-demand webcast and learn how to successfully and securely deploy SSO in the enterprise.

Use this learning guide to review your authentication options.

Visit our resource center and weigh the pros and cons of single sign-on.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Identity Management and Access Control
	CardSpace vs. user IDs and passwords
	Biometrics vs. biostatistics
	What are the dangers of using radio frequency identification (RFID) tags?
	What are the risks of connecting a Web service to an external system via SSL?
	What should an internal support model for identity management look like?
	What precautions should be taken if biometric data is compromised?
	How to choose the right biometric security product
	How to prevent hackers from accessing your router security password
	How does identity propagation work?
	Is it secure to use .NET membership class for user authentication?

Enterprise Single Sign-On (SSO)

Startup Symplified delivers SSO in the cloud

SaaS Offering Handles SSO

Kerberos security evolves for B2B, mobile tech

IBM acquires Encentuate for single sign-on software

Security360: Identity management market

Top 10 access-related controls for PCI compliance

What type of protections should security question and answer authentication credentials have?

Traditional single sign-on (SSO) products versus federated identities

Best practices for deploying enterprise single sign-on (SSO)

Does single sign-on (SSO) improve security?

Enterprise Single Sign-On (SSO) Research

Tokens and Smart Cards

Product review: Secure Computing SafeWord 2008

Video: Changes ahead for MIT Kerberos Consortium

Kerberos: Authentication with some drawbacks

What are the dangers of using radio frequency identification (RFID) tags?

Smart card deployment: How to know if it's smart for your enterprise

Can tokenization of credit card numbers satisfy PCI requirements?

Is there a way to bridge physical and logical security without using smart cards or biometrics?

Preparing for integrated physical and logical access control: The common authenticator

Are one-time password tokens susceptible to man-in-the-middle attacks?

What are the PCI DSS compliance benefits of tokenization?

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

single sign-on (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy