 
	Federated Identity Management becomes a standard
Have you ever thought about a guarantee in which you invest your money and get returns? While people tend to have different ideas on the best ways to invest, some options are now made simpler so that you increase the chances of getting your returns on investment.
There was a time when identity management was limited to controlling 
access to resources within a single security domain. But internal users 
now access external resources and external users access internal 
resources. Traditional approaches to identity management show their 
limitations.
In this context, many organizations are turning to 
identity federation to facilitate user work across multiple systems, 
while reducing the administrative burden of managing access to these 
systems.
Identity federation links a user’s identity across multiple security 
domains, each with its own identity management system. When two domains 
are federated, the user can authenticate to one domain and then access 
the resources in the other domain without having to authenticate a 
second time.
Identity federation allows administrators to solve many 
problems related to access to distributed resources across multiple 
domains. For example, it is not necessary to set up a specialized system
to facilitate access to resources external to the organization.
To take advantage of these benefits, it is necessary to implement
complete identity federation management. This generic term covers
the process of administering all elements associated with a complete
identity federation platform. This includes not only the technologies
that make federation possible, but also the agreements, rights
management, standards and other elements that define how the service is
implemented.
For the federation to work, all parties involved must
agree on these elements. They must agree on which identification
attributes to include, such as email, name and function title, how to
represent these attributes internally, and what standard to use to
exchange authentication and authorization data. In this regard, the
Security Assertion Markup Language (SAML) standard is widely used.
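As an added illustration (not code from the original article), the sketch below shows a service provider enforcing such an attribute agreement on a SAML 2.0 attribute statement: only the agreed attributes are mapped to internal fields, anything else is dropped, and a missing or ambiguous attribute is rejected. The contract, the internal field names and the sample statement are assumptions constructed for the example, and signature, issuer, audience and validity checks are assumed to have been done beforehand by a SAML library.

```python
import xml.etree.ElementTree as ET

SAML_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Assumed federation agreement (constructed for this example):
# attribute name on the wire -> field name used internally by the service.
CONTRACT = {
    "urn:oid:0.9.2342.19200300.100.1.3": "email",  # mail
    "urn:oid:2.16.840.1.113730.3.1.241": "name",   # displayName
    "urn:oid:2.5.4.12": "title",                   # title
}

# Constructed sample; a real assertion must have its signature, issuer,
# audience and validity window checked by a SAML library before this step.
SAMPLE = """<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
    <saml:AttributeValue>alice@partner.example</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241">
    <saml:AttributeValue>Alice Martin</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.12">
    <saml:AttributeValue>Auditor</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="isAdmin">
    <saml:AttributeValue>true</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def map_attributes(statement_xml: str) -> dict:
    """Return internal fields for the agreed attributes only; fail closed."""
    if "<!DOCTYPE" in statement_xml:
        raise ValueError("DTDs are not allowed in assertions")
    root = ET.fromstring(statement_xml)
    fields = {}
    for attr in root.iter(SAML_NS + "Attribute"):
        internal = CONTRACT.get(attr.get("Name"))
        if internal is None:
            continue  # not in the agreement: never passed through
        values = [v.text or "" for v in attr.findall(SAML_NS + "AttributeValue")]
        if internal in fields or len(values) != 1 or not values[0].strip():
            raise ValueError(f"ambiguous or empty attribute: {internal}")
        fields[internal] = values[0].strip()
    missing = sorted(set(CONTRACT.values()) - set(fields))
    if missing:
        raise ValueError(f"assertion lacks agreed attributes: {missing}")
    return fields
```

Calling `map_attributes(SAMPLE)` yields the three agreed fields and silently drops the unagreed `isAdmin` attribute, so the partner domain cannot introduce new entitlements outside the agreement.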
Identity federation management can also be applied to a single
organization that manages multiple security domains. It is a relatively
young technology, and its exact meaning is still evolving, so the
details may vary from one source to another.
Finally, if federated and local authentication must coexist, the
options must be clear and the procedures must be intuitive and easy to
understand.
The federation of identities: an impact multiplier?
In an identity federation scheme, one might think that if the
identity of one of the users is compromised, that user's access to all
the applications in the perimeter will be affected, and that if an
incident occurs on the authentication component, all users will be
affected. The walls inside the information system (IS) can be seen as
thinner, and the weight carried by authentication heavier. Thus,
identity federation can be seen as a factor multiplying the impact of a
possible attack. It is therefore essential to strengthen the security
of authentication.
In reality, identity federation should rather be seen as a
simplifier of the IS, and structural or protocol vulnerabilities are
rather rare. Identities and entitlements will be administered centrally,
and users will no longer be forced to juggle a multitude of
identifiers and passwords (sometimes auto-synchronized). These projects
require strong involvement from all of the company's business units, but
will simplify the user experience and can help to enforce certain
security constraints specific to sectors and businesses.
The common goal is to reconcile security, simplicity and technological innovation. Identity federation is, and will undoubtedly remain, at the heart of single sign-on in the years to come.
 
														