Federation enables applications in different domains to share
information about users.
- Federated sites must have some pre-established relationship, bilaterally
or in a group.
- Information about users is exchanged:
  - Identity: Who is this user?
  - Authentication: How/when did the user sign in?
  - Authorization: What is the user allowed to do?
- Federation enables single sign-on between sites:
  - User signs into one site (company A).
  - User clicks into another site (company B).
  - Site A passes information about the user to Site B.
  - The user is not asked for his ID/password by site B.
- In some deployment patterns, federation eliminates some
  - Site B trusts Site A to name its own users.
  - Site B does not create its own objects for Site A users.
There are multiple standards for federation, including the Security
Assertion Markup Language (SAML, v1 and v2).
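The single sign-on exchange above, as an added example that is not part of the original page: site A (the identity provider) issues a signed assertion carrying identity, authentication and authorization information, and site B (the service provider) accepts it instead of asking for a password. All names, secrets and field names are constructed; an HMAC shared secret stands in for the signing certificates that a real SAML federation exchanges when the relationship is established.

```python
import hmac, hashlib, json, base64

# Constructed: the pre-established relationship between the two sites is
# modelled as a shared secret; site B trusts only issuers it has one for.
SHARED_SECRETS = {"siteA.example": b"constructed-secret-for-siteA"}
TRUSTED_ISSUERS = set(SHARED_SECRETS)

def issue_assertion(issuer, secret, user, auth_time, roles, audience, ttl=300):
    """Site A builds an assertion about a signed-in user and signs it."""
    body = {
        "issuer": issuer,        # who is vouching for the user
        "subject": user,         # identity: who is this user?
        "auth_time": auth_time,  # authentication: when did the user sign in?
        "roles": roles,          # authorization: what is the user allowed to do?
        "audience": audience,    # which site the assertion is intended for
        "expires": auth_time + ttl,
    }
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.b64encode(payload).decode() + "." + base64.b64encode(sig).decode()

def accept_assertion(token, me, now):
    """Site B validates the assertion; returns (user record, reason).
    The user record is None whenever a check fails."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.b64decode(payload_b64)
        sig = base64.b64decode(sig_b64)
        body = json.loads(payload)
    except Exception:
        return None, "malformed"
    issuer = body.get("issuer")
    if issuer not in TRUSTED_ISSUERS:          # no relationship, no trust
        return None, "untrusted issuer"
    expected = hmac.new(SHARED_SECRETS[issuer], payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # assertion was not made by A
        return None, "bad signature"
    if body.get("audience") != me:             # meant for some other site
        return None, "wrong audience"
    if now > body.get("expires", 0):           # stale sign-in information
        return None, "expired"
    # Site B trusts site A to name its users: the identity is qualified by the
    # issuer and no local user object is created or looked up.
    return {"user": f"{body['subject']}@{issuer}", "roles": body["roles"]}, "ok"
```

Each rejection reason is a check the service provider must perform before relying on the assertion; dropping any one of them lets an assertion from the wrong issuer, for the wrong site, or from the past be accepted.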