Options and Issues in Federated Identity Management

D espite aging and psychological and cosmetic changes, who you are as a person is fairly constant—Eve and Drummond will remain Eve and Drummond over time. The same isn’t true of your digital identity. Currently, eve@ xmlgrrl.com is tied to Eve, for example, but might later be tied to someone else or disappear entirely. This is just one of the challenges people have with digital identities. Federated identity management is a set of technologies and processes that let computer systems dynamically distribute identity information and delegate identity tasks across security domains. Federated identity is the means by which Web applications can offer users cross-domain single sign-on (SSO), which lets them authenticate once and thereafter gain access to protected resources and Web sites elsewhere. However attractive its benefits, federated identity imposes costs as well, entailing new and increased security and privacy risks because it shares valuable information across domains using loosely coupled network protocols. Such risks require mitigation, which can range from preventing message replay to collecting user consent for data sharing in both online and offline scenarios. Here, we describe the federated identity model and discuss its security and privacy risks and architectural challenges. We also profile three popular federated identity protocols for implementing the model: the Security Assertion Markup Language (SAML), the OpenID specification, and the InfoCard specification underlying Microsoft’s Windows Cardspace. Identity management and single sign-on