Manage Learn to apply best practices and optimize your operations.

What is federated identity management?

A SearchSecurity.com member asks, "What is federated identity management?" Resident identity management and access control expert Joel Dubin tackles this question in this Ask the Expert Q&A.

What is federated identity management?
Federated identity management is the unification of different authentication systems, so users can log on to different systems using the same authentication credentials.This sounds a lot like single sign-on ( SSO) systems, where users to log on to multiple systems with a single user ID and password and the SSO system manages accessing each application from there.

SSO is only one type of federated ID management. There are other more notable systems, such as one-time password...

(OTP) tokens. OTPs are gaining popularity as a two-factor authentication method for financial Web sites that need to comply with the Federal Financial Institutions Examination Council (FFIEC) directive, which states that all financial Web sites who participate in high-risk transactions must use two-factor authentication to secure customer information.

An OTP token generates a random PIN number every 30 or 60 seconds, which the user enters in addition to their user ID and password to log on to a system, like a Web site. The OTP provides an extra layer of protection, as it's nearly impossible to crack that ever-changing PIN number. Therefore, even if the user ID and password are stolen or sniffed off the network, the OTP still blocks access, malicious or otherwise.

If the OTP's popularity continues to increase, customers could find themselves carrying a key ring full of tokens, one for each of their banks, credit cards or other financial Web sites. The goal of federated identity management is to stop that. In an ideal world, users would carry one token to access all their systems, no matter who ran it.

Federated ID management is still in its infancy. It's been slow to take off, partly because competing companies and financial institutions would have to agree on a unified standard and IT architecture for such a system. There are initiatives in progress, some working to create standards across different companies. Two of the most famous are the Microsoft Passport initiative and the Liberty Alliance. IBM is also developing one for the private sector and OASIS is developing a federated identity solution for Web services.


  • Attend this on-demand webcast and learn how to successfully and securely deploy SSO in the enterprise.
  • Use this learning guide to review your authentication options.
  • Visit our resource center and weigh the pros and cons of single sign-on.
  • This was last published in July 2006

    Dig Deeper on Single-sign on (SSO) and federated identity

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.