This document discusses identity management and federated identity. It provides an overview of how identity management has evolved from stovepipe systems to standards-based identity portability. Federated identity allows securely linking identity information across security domains. Examples of use cases for federated identity include integrating hosted services, linking redundant accounts, secure collaboration, and attribute exchange between a business and customers. The document also discusses Ping Identity's federation gateway and deployment services that support multiple federation protocols.
5. 06/26/14
Slide 5
What is “Federated Identity?”
Federated Identity allows enterprises to securely link and exchange identity information across autonomous security domains
Federated Identity enables seamless access to distributed resources and applications
Slide 6
Federated Identity – An Enabling Technology
Networking of Identity Enables
Tighter partner interaction
Improved service and convenience to customers
Improved security of outsourced services
Lowered costs and complexity managing users and redundant directories
Identity “Portability” Enables
Reduced transactional friction
Lower costs associated with SSO and password reset
New revenue opportunities
Slide 12
Use Case: Integrating Hosted Services
[Diagram. Parties: Company A (Identity Provider), Global Travel Service (Service Provider). User: John Smith, Login: john123. Account names shown: john123, jsmith. Components: two User Stores, Intranet, Travel Application, XML, Gateway. Flow labels: Federation; numbered steps 1 and 2 (2: SSO Access). Protocol: Liberty. Federated ID (linked accounts).]
Slide 13
Use Case: Integrating Hosted Services
[Diagram. Parties: Company A (Identity Provider), Global Travel Service (Service Provider). User: John Smith, Login: john123. Account name shown: john123. Components: one User Store, Intranet, Travel Application, XML, Gateway. Note on diagram: No User Store Exists. Flow labels: Federation; numbered steps 1 and 2 (2: SSO Access). Protocol: SAML. Federated ID (UserID & Role).]
Slide 14
Use Case: Link Redundant Accounts (Internal)
[Diagram. Party: Company A, with Security Domain A and Security Domain B. User: John Smith, Login: john123. Account names shown: john123, jsmith. Components: two User Stores, XML, Gateway. Flow labels: Federation; numbered steps 1 and 2 (2: SSO Access). Protocol: Liberty. Federated ID (Linked Accounts).]
Slide 15
Use Case: Secure Collaboration
[Diagram. Parties: Airline Co. (Authentication Authority), Aircraft Mfg (Relying Party). User: John Smith, Login: john123, Role: 747 Mechanic. Components: User Stores, Intranet, XML, Gateway, Online Manuals (747 Manual, 777 Manual). Flow labels: Federation, SSO Access; numbered steps 1 and 2. Protocol: SAML. Federated ID (John123 & 747 Mechanic).]
Slide 16
Use Case: Attribute Exchange (B2C)
[Diagram. Parties: My Portal (Identity Provider), Books.com. Components: Portal, eCommerce Site, XML, Gateway, User Store & Attributes. Flow labels: Federation; SSO Access (2); Get Attributes (address, cc # etc.); numbered steps 1, 2 and 3. Protocol: SAML. Federated ID (UserID & Role).]
Slide 17
Multi-Protocol Federate Gateways
[Diagram. Company A runs PingFederate, a Multi-Protocol Gateway (Partner Specific Configuration). Protocols shown: SAML, Liberty, WS-Fed, Shibboleth. Other labels: Internet, Partner University, Public & Private Sector - Enterprise & Carriers, Internal Federation, PingDeploy Interop. Service.]
Driving convergence of standards efforts
Have submitted Liberty’s work to OASIS (for inclusion in SAML 2.0)
Incorporating other accepted industry standards
WS-Security (completed)
SAML (completed)
Other specs within the WS-* family (when available in a public forum)
Folded Radicchio’s Trusted Transaction Roaming work (for interoperable mobile data services) into the Liberty Alliance
Summary
The adoption of federated identity standards has occurred in a multi-protocol fashion. Within different industry segments, different federation protocols have taken hold. A flexible architecture that can accommodate multiple protocols simultaneously provides a university with a scalable model that can be extended to the broadest set of users and partners.