What is federated identity management?

BROWSE BY TAG Identity Management and Access Control,   Enterprise Single Sign-On (SSO),   Enterprise Identity and Access Management,   User Authentication Services,   Security Token and Smart Card Technology,   Expert Archive: Identity Management and Access Control,   VIEW ALL TAGS

RELATED CONTENT Identity Management and Access Control How to find and remove keyloggers and prevent spyware installation How to encrypt passwords using network security certificates Prevent meet-in-the-middle attacks with TDES encryption How to use single sign-on (SSO) for a server configuration Choosing management for Active Directory user provisioning LDAP signing requirements for various directory configurations User account best practices for an investment management website How to determine password strength for a website The pros and cons of implementing smart cards Keep files from being deleted by assigning read and execute permission Enterprise Single Sign-On (SSO) How to use single sign-on (SSO) for a server configuration How to log in to multiple servers with federated single sign-on (SSO) Security on a budget: How to make the most of authentication tools Best Identity and Access Management Products Changing times for identity management Kerberos configuration as an authentication system for single sign-on How to use single sign-on for Web access control to prevent malware Learn about enterprise strategy for server virtualization single sign-on Enterprise single sign-on: Easing the authentication process Exploring authentication methods: How to develop secure systems Enterprise Single Sign-On (SSO) Research Security Token and Smart Card Technology The pros and cons of implementing smart cards First Data, RSA push tokenization for payment processing How to log in to multiple servers with federated single sign-on (SSO) Best Authentication Products Are 'strong authentication' methods strong enough for compliance? Risk management must include physical-logical security convergence RSA researcher Ari Juels: RFID tags may be easily hacked Portable security storage device could replace OTP devices Can you combine RFID tag technology with GPS to track stolen goods? Security token and smart card authentication

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary identity access management (IAM) system  (SearchSecurity.com) onboarding and offboarding  (SearchSecurity.com) single sign-on  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

EXPERT RESPONSE FROM: Joel Dubin, past SearchSecurity.com expert Pose a Question Other Security Categories Meet all Security Experts Become an Expert for this site

ANSWERED June 2006:
Federated identity management is the unification of different authentication systems, so users can log on to different systems using the same authentication credentials.This sounds a lot like single sign-on (SSO) systems, where users to log on to multiple systems with a single user ID and password and the SSO system manages accessing each application from there.

SSO is only one type of federated ID management. There are other more notable systems, such as one-time password (OTP) tokens. OTPs are gaining popularity as a two-factor authentication method for financial Web sites that need to comply with the Federal Financial Institutions Examination Council (FFIEC) directive, which states that all financial Web sites who participate in high-risk transactions must use two-factor authentication to secure customer information.

An OTP token generates a random PIN number every 30 or 60 seconds, which the user enters in addition to their user ID and password to log on to a system, like a Web site. The OTP provides an extra layer of protection, as it's nearly impossible to crack that ever-changing PIN number. Therefore, even if the user ID and password are stolen or sniffed off the network, the OTP still blocks access, malicious or otherwise.

If the OTP's popularity continues to increase, customers could find themselves carrying a key ring full of tokens, one for each of their banks, credit cards or other financial Web sites. The goal of federated identity management is to stop that. In an ideal world, users would carry one token to access all their systems, no matter who ran it.

Federated ID management is still in its infancy. It's been slow to take off, partly because competing companies and financial institutions would have to agree on a unified standard and IT architecture for such a system. There are initiatives in progress, some working to create standards across different companies. Two of the most famous are the Microsoft Passport initiative and the Liberty Alliance. IBM is also developing one for the private sector and OASIS is developing a federated identity solution for Web services.

MORE INFORMATION: