Overview#
Federation as we use it is Federated Identity ManagementFederation is a process that allows for the conveyance of identity and authentication information across a set of networked systems. In a Federation scenario, the verifier or Credential Service Provider is known as the Identity Provider (IDP), or IDP. The Relying Party, or RP, is the party that receives the Federated Identity. (NIST.SP.800-63C)
![]() |
A Federation occurs when one system trusts an Identity Provider (IDP) to authenticate a digital Identity
Some people only refer to Federation when it is Cross-domain authentication.
Others prefer to say anytime the authentication Method is not on the same system it is a Federation.
Generally, any RP which accepts the credential's from an Identity Provider (IDP) is part of a Federation.
The Identity Provider (IDP) is the Primary Domain and the other security domains that trusts the Identity Provider (IDP) to authenticate a digital Identity are referred to as Relying Party (RP)/Service Providers (SP).
Credential information is typically NOT passed between the parties.
Digital Identity data may be passed between these parties.
Federation is a form of Identity Correlation and/or Identity Broker
Often Tokens are used in Federation by a system called a Security Token Service (STS) which would typically be in or strongly associated with the Identity Provider (IDP)
Federation Models#
Federation Models provides an overview of and requirements for common identity Federation Models currently in use. In each model, relationships are established between members of the federation in several different ways.More Information#
There might be more information for this subject on one of the following:- Bandit-project.org
- Computer Associates
- Credential Management
- Credential Revocation
- Federated Authorization for UMA 2.0
- Federated Credential
- Federated Identity
- Federation Assurance Level
- Federation Models
- Geneva Framework
- IMA Policies
- Identity Broker
- Identity Federation Framework
- Identity Relation
- Identity Web Services Framework
- Jurisdiction
- Mobile Connect
- NIST.IR 7817
- NIST.SP.800-63
- NIST.SP.800-63-3
- NIST.SP.800-63C
- Neo-Security Stack
- Nevis Security Suite
- OAuth Scope Example
- OXD
- Open Trust Taxonomy for OAuth2
- OpenID Connect Federation
- Releasability
- Security Domain
- Single Sign-On
- Single Sign-On Scenarios
- Token Binding over HTTP
- Trust Model
- Web Blog_blogentry_020816_1
- Web Blog_blogentry_030117_1
- Web Blog_blogentry_090418_1
- Web Blog_blogentry_260715_1
- Web Services Federation
- WebAuthn Attestation
- Why Use Tokens
- Windows Hello