Federated Identity Management becomes a standard
There was a time when identity management was limited to controlling
access to resources within a single security domain. But internal users
now access external resources and external users access internal
resources. Traditional approaches to identity management show their
limitations.
In this context, many organizations are turning to
identity federation to facilitate user work across multiple systems,
while reducing the administrative burden of managing access to these
systems.
Identity federation links a user’s identity across multiple security
domains, each with its own identity management system. When two domains
are federated, the user can authenticate to one domain and then access
the resources in the other domain without having to authenticate a
second time.
Identity federation allows administrators to solve many
problems related to access to distributed resources across multiple
domains. For example, it is not necessary to set up a specialized system
to facilitate access to resources external to the organization.
To take advantage of these benefits, the identity federation has to be
managed as a whole. This generic term covers the administration of every
element of a complete identity federation platform: not only the
technologies that make federation possible, but also the agreements,
rights management, standards and other elements that define how the
service is implemented.
For the federation to work, all parties involved must agree on these
elements. They must agree on which identification attributes to include,
such as email address, name and job title, how to represent these
attributes internally, and which standard to use to exchange
authentication and authorization data. In this regard, the Security
Assertion Markup Language (SAML) standard is widely used.
Identity federation management can also be applied within a single
organization that manages multiple security domains. It is a relatively
young technology and its exact meaning is still evolving, so the details
may vary from one source to another.
Finally, if federated and local authentication must coexist, the options
offered to users must be clear and the procedures intuitive and easy to
understand.
Identity federation: an impact multiplier?
In an identity federation scheme one might think that if a user's
identity is compromised, access to every application within the
federation's perimeter is affected, and that an incident on the
authentication component affects every user. The walls inside the
information system (IS) can be seen as thinner, and the weight carried by
authentication heavier. Identity federation can therefore be seen as a
factor that multiplies the impact of a successful attack. It is
therefore essential to strengthen the security of authentication.
In reality, identity federation should rather be seen as a simplifier of
the IS, and vulnerabilities in its architecture or protocols are rare;
the effort belongs in hardening the authentication step itself.
Identities and entitlements are administered centrally, and users are no
longer forced to juggle a multitude of identifiers and passwords
(sometimes auto-synchronized). These projects require strong involvement
from all of the company's business units, but they simplify the user
experience and can help enforce security constraints specific to
particular sectors and lines of business.
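The point where the SAML exchange described earlier meets the concern just raised about a heavier authentication step is the service provider's assertion-consumer endpoint: that is where the agreed attributes (email, name, title) are read, and where an assertion issued for another audience, an expired one, or a replayed one must be turned away. The following is an added example, not code from the original article; the entity IDs, the signing key, the sample assertion and the `issue_assertion`/`consume_assertion` helpers are all assumptions, and an HMAC over the assertion bytes stands in for the XML-DSig signature that real SAML deployments use.

```python
"""SP-side consumption of a SAML 2.0 assertion. Added example, not the
article's code. Entity IDs, key and assertion are constructed; an HMAC over
the assertion bytes stands in for XML-DSig so it runs offline (assumption)."""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
IDP_ENTITY_ID = "https://idp.example.org/metadata"  # hypothetical IdP
SP_ENTITY_ID = "https://sp.example.net/metadata"    # hypothetical SP (this relying party)
IDP_SIGNING_KEY = b"key-fixed-in-the-federation-agreement"  # stand-in for the IdP key
CLOCK_SKEW = timedelta(seconds=60)

# Constructed sample assertion; placeholders are filled by issue_assertion().
ASSERTION_TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{aid}" Version="2.0" IssueInstant="{issued}">
<saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
<saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
<saml:Conditions NotBefore="{nb}" NotOnOrAfter="{noa}">
<saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience></saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="email"><saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="name"><saml:AttributeValue>Alice Martin</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="title"><saml:AttributeValue>Security Engineer</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>"""


def parse_time(s):
    return datetime.strptime(s, TIME_FMT).replace(tzinfo=timezone.utc)


def issue_assertion(assertion_id, audience, now, lifetime=timedelta(minutes=5)):
    """IdP side: fill the template and sign the exact bytes. Returns (xml, signature)."""
    xml = ASSERTION_TEMPLATE.format(
        aid=assertion_id, issued=now.strftime(TIME_FMT), nb=now.strftime(TIME_FMT),
        noa=(now + lifetime).strftime(TIME_FMT), aud=audience).encode()
    return xml, hmac.new(IDP_SIGNING_KEY, xml, hashlib.sha256).hexdigest()


class AssertionRejected(Exception):
    pass


def consume_assertion(xml, signature, now, seen_ids):
    """SP side: return the local identity only if every check passes, else raise."""
    # 1. Verify the signature before interpreting anything in the XML.
    expected = hmac.new(IDP_SIGNING_KEY, xml, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        raise AssertionRejected("bad signature")
    root = ET.fromstring(xml)
    # 2. Only the IdP named in the federation agreement may vouch for users.
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise AssertionRejected("unknown issuer")
    # 3. Audience: an assertion minted for another SP must not be accepted here.
    audiences = [a.text for a in root.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise AssertionRejected("audience mismatch")
    # 4. Validity window, with a small allowance for clock skew between domains.
    cond = root.find("saml:Conditions", NS)
    if (now + CLOCK_SKEW < parse_time(cond.get("NotBefore"))
            or now - CLOCK_SKEW >= parse_time(cond.get("NotOnOrAfter"))):
        raise AssertionRejected("outside validity window")
    # 5. Replay: each assertion ID is honoured once, even inside its window.
    aid = root.get("ID")
    if aid in seen_ids:
        raise AssertionRejected("replayed assertion")
    seen_ids.add(aid)
    # 6. Map the agreed attributes onto the local identity record.
    identity = {"subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS)}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        identity[attr.get("Name")] = attr.findtext("saml:AttributeValue", namespaces=NS)
    return identity


def run_checks():
    """Exercise the validator on constructed cases; returns the outcome per case."""
    now = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    seen, results = set(), {}

    def attempt(label, xml, sig, at):
        try:
            results[label] = consume_assertion(xml, sig, at, seen)
        except AssertionRejected as exc:
            results[label] = str(exc)

    xml, sig = issue_assertion("_a1", SP_ENTITY_ID, now)
    attempt("valid", xml, sig, now)
    attempt("replay", xml, sig, now)  # the same assertion presented a second time
    xml, sig = issue_assertion("_a2", SP_ENTITY_ID, now)
    attempt("tampered", xml.replace(b"Security Engineer", b"CISO"), sig, now)
    xml, sig = issue_assertion("_a3", "https://other-sp.example.com/metadata", now)
    attempt("wrong_audience", xml, sig, now)
    xml, sig = issue_assertion("_a4", SP_ENTITY_ID, now)
    attempt("expired", xml, sig, now + timedelta(minutes=10))
    return results


if __name__ == "__main__":
    for label, outcome in run_checks().items():
        print(f"{label:15} {outcome}")
```

Running it prints one line per case: the valid assertion yields the identity record, while the replay, the tampered copy, the assertion issued for another SP and the expired one are each rejected with the reason. The signature is checked before the XML is parsed and the audience before anything is provisioned, so an assertion a user legitimately obtained for one service provider cannot be redirected to another, which is what keeps a compromise in one corner of the federation from spreading through the authentication step.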
The aim throughout is to reconcile security, simplicity and technological innovation; identity federation is, and will undoubtedly remain, at the heart of single sign-on in the years to come.