In an Open and Distributed World, Federation standards are a key ingredient to make the Digital Enterprise happen. However, this is an evolutionary process: such standards have been around for quite some time but new approaches will increasingly be used.
In addition, lots of existing applications cannot be “federated” but need to be part of the picture, in a transparent and secure way.
Challenge or Opportunity?
While federation standards like SAML, WS-Federation and OAuth/OpenID Connect are incompatible protocols, they do share the same foundation where a Service Provider (SP) relies on an Identity Provider (IdP) to vouch for the identity and privileges of a user (or client).
The Federation Server of TrustBuilder IDHub provides a platform that abstracts the protocol. Not only does this allow for the introduction of new standards (which will certainly pop up), but at the same time it provides a framework for bridging between different protocols and authentication mechanisms.
Bridging is controlled by an authentication and authorisation policy. So, instead of explicitly stating which Identity Provider would allow access to which Service Provider, an organisation could also configure implicit rules stating what authentication mechanism is required (e.g. OTP or X.509), what information is needed (e.g. a verified mail address) and under which circumstances (e.g. an unregistered device) stronger authentication is demanded.
Applications that do not reside within the native domain and do not contain federation capabilities can still be integrated in this concept by front-ending them with a TrustBuilder Remote Gateway. This Web & API proxy appliance integrates with the application in the traditional way and handles the federation for inclusion in the Identity Hub environment.
- Combine any identification resource with every application, based on policies
- Integrate 3rd party applications fast and easily
TrustBuilder is the Number One product offering pervasive local and Cloud Access Management