Want to avoid an identity-management crisis? Build a federated-identity infrastructure, where a user's authenticated ID is shared across multiple domains or online businesses. The Liberty Alliance has created open standards for federating identities, paving the way for centralized identity management and single network sign-on. These standards also can help reduce the cost of managing your partners' and customers' ID information.
The Liberty Alliance, whose members include American Express, AOL Time Warner, General Motors and Sun Microsystems, develops standards for letting online businesses share a client's or customer's identity information. Later this year, the alliance plans to release a version of its federated ID model for Web services.
A federated ID model lets a user authenticate with one company or Web site, and get personalized content and services from any of the federated organizations in that "circle of trust." In other words, a financial services company and an online retailer, for instance, can share a customer's ID information during a transaction, rather than each having to store and manage separate credentials for each user account.
To really understand the Liberty Alliance's federated-security model, you first have to comprehend the alliance's jargon. A network identity is the conglomeration of your personal information--the bits and bytes that represent you in a myriad of databases scattered around the world. It can include your name, user name, phone number, Social Security number, medical records, and identifying numbers from your driver's license, passports and employee ID. It also may include personal preferences such as your airline seating habits, musical tastes, cell phones and wireless e-mail devices.
One Sign-On Fits All
With a federated network ID, a user's multiple network identities from different accounts--with an airline and a car-rental agency, for instance--are linked, not stored at one site. This is the beginning of the single sign-on paradigm for the Internet. An employee could book a flight with an airline and reserve a car with a rental agency without having to sign on and reauthenticate with the rental company site separately. This federated ID model offers business partners and employees more personalized online service, as well as more security and control over which personal information is used.
It works like employee provisioning and single sign-on systems, which reconcile disparate user names for an individual across various corporate systems. If a user authenticates as jsmith to the corporate domain, for example, but logs on to the HR system as John.Smith, a federated network recognizes that both IDs are tied to the same person. It can then log John Smith on to the HR system from the corporate domain automatically, and he doesn't have to log on to the HR system separately.
The Liberty Alliance's circle of trust is a group of two or more businesses or service providers--banks, online retail stores or financial services companies--that share network IDs. These organizations operate under specific business agreements that dictate how they use the identities and conduct business.
The business client or consumer determines which elements of his or her identity information are shared among service providers in a circle of trust. The Liberty Alliance recommends that you notify the user about which information you're collecting. The user should give his or her consent for the ID information being exchanged among the different online sites in a circle of trust.
This "opt-in" process requires that the user agree to share information from Site A with Site B (see "Step by Step," page 63). The user confirms the information-sharing agreement when he or she arrives at the second site (B). From that point on, he or she only has to log on to one of those sites. That simplifies things for the user, and lets a business offer its clients ease of use and personalization features.
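The account linking and opt-in flow described above, as an added Python example that is not Liberty Alliance code and not part of the original article. The class, method, site and attribute names are assumptions, the profile values are constructed, and the credential check is assumed to have happened elsewhere.

```python
import secrets

class CircleOfTrust:
    """Hypothetical identity provider for one circle of trust (not a Liberty API)."""

    def __init__(self, members, profiles):
        self.members = set(members)  # sites covered by the business agreement
        self.profiles = profiles     # user -> full network identity attributes
        self.links = {}              # (user, site) -> that site's local account name
        self.consent = {}            # (user, site) -> attribute names the user agreed to share
        self.sessions = {}           # session token -> authenticated user

    def authenticate(self, user):
        # Assumption: the credential check happened elsewhere and succeeded.
        if user not in self.profiles:
            raise KeyError(user)
        token = secrets.token_urlsafe(16)
        self.sessions[token] = user
        return token

    def opt_in(self, token, site, local_account, attributes):
        """Record the user's agreement, given on arrival at `site`, to link accounts."""
        user = self.sessions[token]
        if site not in self.members:
            raise PermissionError(f"{site} is outside the circle of trust")
        self.links[(user, site)] = local_account
        self.consent[(user, site)] = set(attributes)

    def sign_on(self, token, site):
        """Return (local account, released attributes), or None if no link exists."""
        user = self.sessions.get(token)
        if user is None or (user, site) not in self.links:
            return None  # unauthenticated, or the user never opted in for this site
        allowed = self.consent[(user, site)]
        released = {k: v for k, v in self.profiles[user].items() if k in allowed}
        return self.links[(user, site)], released

# Constructed sample data: the article's jsmith / John.Smith pairing.
PROFILES = {"jsmith": {"name": "John Smith", "phone": "555-0100", "ssn": "000-00-0000"}}

def demo():
    idp = CircleOfTrust(members={"corp", "hr"}, profiles=PROFILES)
    token = idp.authenticate("jsmith")
    before = idp.sign_on(token, "hr")  # no opt-in yet
    idp.opt_in(token, "hr", "John.Smith", ["name", "phone"])
    after = idp.sign_on(token, "hr")   # linked account, consented attributes only
    return before, after

if __name__ == "__main__":
    print(demo())
```

Sign-on to the second site fails until the user has opted in, and afterwards only the attributes the user consented to are released alongside the linked local account name.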