A quote from Daniel Blum, an analyst at Burton Group:
"One company that's implementing cross-domain authentication is insurance provider Nationwide Financial Services Inc., which recently deployed a federated identity system using technology from RSA Security.
The system lets thousands of Nationwide insurance agents and brokers go to a central portal site where they can access the Columbus, Ohio-based company's applications as well as applications hosted on sites belonging to some of its partners. Previously, Nationwide's agents needed to create separate accounts and passwords with the third parties to access their applications. The partners, in turn, needed to maintain their own lists of usernames and passwords for Nationwide's agents. With identity federation, the agents have to authenticate themselves only once on the central Nationwide portal and simply click on the appropriate links to access applications on the partner sites.
RSA's Federated ID Manager technology intercepts an agent's request with his log-in information. It generates an encrypted Security Assertion Markup Language (SAML) message containing the user's identity profile and other authentication information that the partner needs in order to let the user access its applications. The SAML assertion and the browser session are then directed to the partner's site, where another federation server or agent parses the packaged identity information and uses it to grant access to the application the agent wanted.
Such cross-domain identity assertion can yield multiple benefits, says Daniel Blum, an analyst at Burton Group in Midvale, Utah."