Federated Identity Management

Identity management refers to the policies, processes, and technologies that establish user identities and enforce rules about access to digital resources. In a campus setting, many information systems–such as e-mail, learning management systems, library databases, and grid computing applications–require users to authenticate themselves (typically with a username and password). An authorization process then determines which systems an authenticated user is permitted to access. With an enterprise identity management system, rather than having separate credentials for each system, a user can employ a single digital identity to access all resources to which the user is entitled. Federated identity management permits extending this approach above the enterprise level, creating a trusted authority for digital identities across multiple organizations. In a federated system, participating institutions share identity attributes based on agreed-upon standards, facilitating authentication from other members of the federation and granting appropriate access to online resources. This approach streamlines access to digital assets while protecting restricted resources. [Source: 7 Things You Should Know About Federated Identity Management]

Suggested Resources

• Economic Tussles in Federated Identity Management, First Monday, October 2012. The authors present an economic perspective of stakeholder incentives that sheds light on why some applications have embraced FIM while others have struggled.
• 2011 ECAR Identity Management in Higher Education Report
• Identity & Access Management Working Group: This EDUCAUSE working group operates an open mailing list for general discussion of Identity and Access Management (IAM) topics and maintains a website with additional resources and links.
• Identity Management Wiki: The Identity & Access Management Working Group is also actively developing a wiki on Identity Management. Topics include: technical issues (e.g., authorization or authentication), legal and government issues (e.g., CALEA or HEOA), account management, and IAM software vendors.
• IAM Online: IAM Online is a new monthly series delivering interactive education on Identity and Access Management (IAM), including federated identity management essentials, advanced issues in IAM, and hot topics from the EDUCAUSE Identity and Access Management Working Group. Experts will provide overviews, answer questions and lead discussions.
• InCommon: The InCommon Federation eliminates the need for researchers, students, and educators to maintain multiple passwords and usernames. Online service providers no longer need to maintain user accounts. Identity providers manage the levels of their users' privacy and information exchange. InCommon uses SAML-based authentication and authorization systems (such as Shibboleth®) to enable scalable, trusted collaborations among its community of participants.
• Shibboleth®: The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.

Updated October 2012