Federated Access

Federation enables applications in different domains to share information about users.

  • Federated sites must have some pre-established relationship, bilaterally or in a group.
  • Information about users is exchanged:
    • Identity: Who is this user?
    • Authentication: How/when did the user sign in?
    • Authorization: What is the user allowed to do?

  • Federation enables single sign-on between sites:
    • User signs into one site (company A).
    • User clicks into another site (company B).
    • Site A passes information about the user to Site B.
    • Site B does not ask the user for an ID/password.

  • In some deployment patterns, federation eliminates some user management:
    • Site B trusts Site A to name its own users.
    • Site B does not create its own objects for Site A users.

There are multiple standards for federation, including the Security Assertion Markup Language (SAML, v1 and v2) and WS-Security.
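As an added example (not part of the original page), the checks site B must perform on what site A passes it in the single sign-on flow above, sketched in Python. A simplified signed assertion stands in for a SAML assertion and carries the three kinds of information listed earlier: identity (subject), authentication (instant and method) and authorization input (groups), plus the issuer, audience and validity window that the trust checks depend on. The issuer URL, audience, shared HMAC secret and group names are constructed stand-ins; real SAML uses an XML signature verified against site A's certificate rather than a shared secret.

```python
import base64, hashlib, hmac, json

# Constructed example: key material pre-established between site A
# (issuer) and site B (relying party). In real SAML site B holds
# site A's signing certificate; here a shared HMAC secret stands in.
TRUSTED_ISSUERS = {"https://idp.company-a.example": b"constructed-shared-secret"}
SITE_B_AUDIENCE = "https://app.company-b.example"

def issue_assertion(issuer, key, subject, audience, authn_method, groups, now, lifetime=300):
    """Site A: build and sign an assertion carrying identity, authentication and authorization data."""
    claims = {
        "issuer": issuer,
        "subject": subject,            # identity: who is this user?
        "audience": audience,          # which site this assertion is for
        "authn_instant": now,          # authentication: when did they sign in?
        "authn_method": authn_method,  # authentication: how did they sign in?
        "groups": groups,              # authorization input for site B
        "not_before": now,
        "not_on_or_after": now + lifetime,
    }
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + base64.urlsafe_b64encode(sig).decode()

def validate_assertion(token, now, trusted_issuers=TRUSTED_ISSUERS, audience=SITE_B_AUDIENCE):
    """Site B: return the claims only if every federation check passes; raise ValueError otherwise."""
    body, sig_b64 = token.split(".", 1)
    # Parsed unverified only to pick the issuer's key; nothing is trusted until the MAC checks out.
    claims = json.loads(base64.urlsafe_b64decode(body))
    key = trusted_issuers.get(claims.get("issuer"))
    if key is None:
        raise ValueError("untrusted issuer")  # no pre-established relationship
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.urlsafe_b64decode(sig_b64)):
        raise ValueError("bad signature")  # not genuinely from site A, or tampered
    if claims.get("audience") != audience:
        raise ValueError("wrong audience")  # minted for another site, replayed here
    if not claims["not_before"] <= now < claims["not_on_or_after"]:
        raise ValueError("expired or not yet valid")
    return claims

def rejection_reason(token, now):
    """Convenience for site B's audit log: None if accepted, else the failed check."""
    try:
        validate_assertion(token, now)
        return None
    except ValueError as err:
        return str(err)
```

Site B never creates its own account object for the user: everything it needs comes from the validated claims, which is the user-management saving the deployment pattern above describes.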

