Approaches
Last updated
No relation between the services of an organization (or of the world): each service manages identities on its own.
Duplication:
Each person has a separate identity profile on each service.
Each service must implement and maintain its own protection mechanisms for the profiles it stores.
Neither scalable nor user-friendly for users, who must keep one identifier and one credential per service:
Unless they reuse the same identifiers and authentication credentials everywhere.
But possibly more resilient against identity theft, since compromising one service exposes only that service's profile…
Unless the same identifiers and authentication credentials are reused, in which case one breach compromises them all.
Onboarding and offboarding issues:
Identities must be provisioned, removed or disabled separately on every service; an offboarding that misses one service leaves a live account behind.
A single profile for each entity:
Each profile contains the union of all the attributes required by all services.
More efficient management, onboarding and offboarding, since there is one place to provision or disable an identity.
Each service uses only the attributes it needs.
Identity Provider (IdP):
Centralizes the authentication of profile owners.
Provides assertions carrying identity claims to the services, which consume them as Relying Parties (RPs).
Federated identity management: a concept that encompasses a common set of policies, practices and protocols for managing identity across organizations.
Enables an entity to access a service of one organization with a set of identity claims provided by one or more trustworthy third-party IdMs.
Example: the same Entity@DomainA accesses system@DomainA (its own domain) and system@DomainB (another domain in the federation) with one identity.
Single source of identities for all organizations:
The federation can use an independent IdP, or accept users authenticated by any participant's IdP.
Multi-IdP identity claims provisioning:
The service provider asks for several identity attributes,
as identity claims,
and proposes alternative IdMs that can supply them.
The service client uses one or more IdMs to obtain all the necessary identity claims.
In practice usually no more than one.
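The exchange described in the federated and multi-IdP slides above, as an added example that is not part of the original slides: an IdP authenticates the user and issues an assertion containing only the claims the RP asked for; the RP accepts assertions only from IdPs in its federation trust list, checks signature, audience and expiry, and merges the claims of several assertions until every attribute it needs is present. Everything here is an assumption for illustration: the assertion format is a toy HMAC-SHA256-signed JSON string (a real federation uses SAML or OpenID Connect with asymmetric keys published in metadata), the RP holds one shared secret per trusted IdP, and the domain names, users and attributes are constructed.

```python
import base64
import hashlib
import hmac
import json


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdP:
    """Identity provider: authenticates profile owners and issues signed
    assertions with identity claims (toy HMAC format, an assumption)."""

    def __init__(self, name: str, key: bytes, directory: dict):
        self.name, self.key, self.directory = name, key, directory

    def authenticate(self, user: str, password: str) -> bool:
        rec = self.directory.get(user)
        return rec is not None and hmac.compare_digest(
            rec["password"].encode(), password.encode())

    def issue(self, user: str, audience: str, requested: list, now: int,
              ttl: int = 300) -> str:
        # Release only the requested attributes this IdP actually holds.
        attrs = self.directory[user]["attrs"]
        claims = {k: attrs[k] for k in requested if k in attrs}
        payload = {"iss": self.name, "sub": user, "aud": audience,
                   "iat": now, "exp": now + ttl, "claims": claims}
        body = _b64(json.dumps(payload, sort_keys=True).encode())
        sig = _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        return body + "." + sig


class RelyingParty:
    """Service trusting a fixed set of federation IdPs and needing some claims."""

    def __init__(self, name: str, trusted: dict, required: list):
        self.name, self.trusted, self.required = name, trusted, required

    def verify(self, assertion: str, now: int) -> dict:
        body, sig = assertion.split(".")
        payload = json.loads(_unb64(body))  # untrusted until the checks below pass
        key = self.trusted.get(payload.get("iss"))
        if key is None:
            raise ValueError(f"untrusted issuer {payload.get('iss')!r}")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise ValueError("bad signature")
        if payload.get("aud") != self.name:
            raise ValueError("assertion not intended for this RP")
        if payload.get("exp", 0) <= now:
            raise ValueError("assertion expired")
        return payload

    def authorize(self, assertions: list, now: int) -> dict:
        # Multi-IdP provisioning: the first assertion authenticates the subject,
        # later ones only add attributes (linking the subject across IdPs is
        # assumed to be done by the client session, a simplification).
        subject, collected = None, {}
        for a in assertions:
            p = self.verify(a, now)
            subject = subject or (p["iss"], p["sub"])
            collected.update(p["claims"])
        missing = [c for c in self.required if c not in collected]
        if missing:
            raise PermissionError(f"missing claims: {missing}")
        # Keep only the attributes this service needs, nothing more.
        return {"subject": subject, **{k: collected[k] for k in self.required}}


def demo(now: int = 1_700_000_000) -> dict:
    """Constructed scenario: the RP needs email + affiliation, held by two IdPs."""
    corp = IdP("idp.corp.example", b"corp-key", {"alice": {"password": "corp-pw",
        "attrs": {"email": "alice@corp.example", "role": "engineer"}}})
    uni = IdP("idp.uni.example", b"uni-key", {"alice.s": {"password": "uni-pw",
        "attrs": {"affiliation": "student", "student_id": "S-42"}}})
    rogue = IdP("idp.rogue.example", b"rogue-key", {"alice": {"password": "x",
        "attrs": {"email": "admin@corp.example", "affiliation": "staff"}}})
    rp = RelyingParty("library.example", required=["email", "affiliation"],
        trusted={"idp.corp.example": b"corp-key", "idp.uni.example": b"uni-key"})
    if not (corp.authenticate("alice", "corp-pw") and uni.authenticate("alice.s", "uni-pw")):
        raise RuntimeError("authentication failed")
    a_corp = corp.issue("alice", rp.name, rp.required, now)  # carries email only
    a_uni = uni.issue("alice.s", rp.name, rp.required, now)  # carries affiliation only
    out = {"granted": rp.authorize([a_corp, a_uni], now)}
    body, sig = a_corp.split(".")  # forge a claim, keep the original signature
    forged = json.loads(_unb64(body))
    forged["claims"]["email"] = "admin@corp.example"
    tampered = _b64(json.dumps(forged, sort_keys=True).encode()) + "." + sig
    for label, bundle in [
        ("single_idp", [a_corp]),
        ("tampered", [tampered, a_uni]),
        ("untrusted_idp", [rogue.issue("alice", rp.name, rp.required, now), a_uni]),
        ("wrong_audience", [corp.issue("alice", "payroll.example", rp.required, now), a_uni]),
        ("expired", [corp.issue("alice", rp.name, rp.required, now - 3600), a_uni]),
    ]:
        try:
            rp.authorize(bundle, now)
            out[label] = "accepted"
        except (ValueError, PermissionError) as exc:
            out[label] = str(exc)
    return out
```

Calling `demo()` grants access with exactly the two required attributes (the corporate IdP never releases `role`, and the RP discards anything not on its required list), rejects an assertion from an IdP outside the trust list even though its claims look plausible, and rejects tampered, mis-addressed and expired assertions; a single assertion that lacks `affiliation` is refused, which is the case where the client has to turn to a second IdM.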