Understanding Federated Identity and Single Sign-On
The ability to federate identity, which is the process of linking an identity and its related attributes between multiple identity management systems, has become increasingly common. You have probably already seen or used a federated identity system if you use your Microsoft, Google, Facebook, or LinkedIn accounts to access sites that aren’t hosted by those service providers. Each of these providers allows third-party sites to use its credentials, along with a set of attributes.
Federated Identity Security Considerations
Federated identities move trust boundaries outside of your own organization, resulting in new concerns when designing, implementing, or using federated identity. This leads to the need to look at federated security from three points of view:
As an identity provider (IDP), members of a federation must provide identities, make assertions about those identities to relying parties, and release information to relying parties...
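The identity provider duties above (asserting an identity and releasing information to a relying party) can be sketched as follows. This is an added example, not part of the original text: the URLs, user record, release policy and function names are constructed, and an HMAC with a per-party shared key stands in for the asymmetric signatures a real federation would use.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data. HMAC with a shared key is a stand-in (assumption)
# for the asymmetric signatures used by real federation protocols.
IDP_ISSUER = "https://idp.example"
RP_KEYS = {"https://wiki.example": b"constructed-demo-key-wiki"}
RELEASE_POLICY = {"https://wiki.example": {"email", "display_name"}}
DIRECTORY = {"alice": {"email": "alice@idp.example", "display_name": "Alice",
                       "employee_id": "E-1001", "department": "Finance"}}

def issue_assertion(user, audience, now=None, ttl=300):
    """IdP side: assert the identity, releasing only attributes allowed for this RP."""
    now = int(time.time()) if now is None else now
    allowed = RELEASE_POLICY[audience]  # KeyError: party is not in the federation
    claims = {"iss": IDP_ISSUER, "sub": user, "aud": audience, "exp": now + ttl,
              "attrs": {k: v for k, v in DIRECTORY[user].items() if k in allowed}}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(RP_KEYS[audience], body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def verify_assertion(token, expected_audience, key, now=None):
    """Relying-party side: trust the claims only after every check passes."""
    now = int(time.time()) if now is None else now
    body, _, sig = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["iss"] != IDP_ISSUER:
        raise ValueError("untrusted issuer")
    if claims["aud"] != expected_audience:
        raise ValueError("assertion issued for another relying party")
    if claims["exp"] <= now:
        raise ValueError("assertion expired")
    return claims
```

The release policy keeps `employee_id` and `department` inside the identity provider's boundary, and the audience and expiry checks stop an assertion from being accepted by a party or at a time it was not issued for.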