<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is a service that provides [Identity Correlation] and is a [Data aggregator]


[{$pagename}] is a generic industry term and not part of any [Standard]

!! [{$pagename}] [Single Sign-On] [2]
An [{$pagename}] is often part of a a [Single Sign-On] [Architecture] as an an intermediary service that connects multiple [Service Providers|SP] with different [Identity Provider (IDP)]s.

A [{$pagename}] or [Identity Correlation] service maps [Identity Attributes], including unique identifiers, across multiple [Identity Provider (IDP)] to the [Digital Subject].

Often a [{$pagename}] is incorporated within the [Identity Provider (IDP)] service.

As an intermediary service, the [{$pagename}] is responsible to create a [trust] relationship with [Identity Provider (IDP)]s in order to use the [Digital Identity]s to access services exposed by [Service Providers|SP].

From an user perspective, an [{$pagename}] provides an user-centric and centralized way to manage [Digital Identity]s across different [Security Domains] or realms, where an existing [Digital Identity]s can be linked with into one [Digital Subject] as a [Federated Identity] from different [Identity Provider (IDP)]s or even created based on the identity information obtained from the various [Digital Identity]s.

[{$pagename}] are usually [Security Token Service] providers that can translate [Tokens] between different identity [tokens] from one standard format to another or to the proprietary [session] [cookie] formats used by many [WAM] systems.

!! Standardized cross-app [Single Sign-On] Experience
Typically, An [Identity Provider (IDP)] is usually based on a specific [Authentication Method] and communicates [authentication] and [Authorization] information to the [SP]. The [{$pagename}] as an example, might utilize a [SPNEGO] to obtain a [Kerberos] Ticket and obtain information on the [Digital Identity] to be able to create a [SAML V2.0] [SAML Assertion] into a [SP] which uses [SAML V2.0] and transform the [SAML Assertion] into a [Access Token] for use within [OAuth 2.0] or [OpenID Connect].

Often various [Authentication Agents] would be installed on an [Identity Broker] machine allowing [Cross-platform Authentication].

Often the [{$pagename}] would:
* have multiple [Authentication Agents] allowing [Cross-platform Authentication].
* be a member of or have [Federation] into multiple [domains] to provide [Cross-domain authentication]
which would allow [Single Sign-On] ability for multiple platforms and domains.

The [Native Applications Working Group] is defining a profile of [OpenID Connect] (OIDC) that will enable a standardized cross-app [Single Sign-On] experience model for native mobile applications on both consumer-centric and enterprise applications.


!! [{$pagename}] in [Marketing] [3]
[{$pagename}] service is provided to provide [Marketing] [data] to their customers to be able to perform [Marketing] to [customers]. These [{$pagename}] [Services] build (hopefully) [De-anonymization] data sets which create [Anonymous] data on marketing.

[Acxiom Corporation], [Google], [Facebook] are a few of the many [Internet] or [Database] [Marketing] [Organizations|Organizational Entity] that provide these type of services.

!! [Privacy Considerations]
Needles to say [{$pagename}] have [Privacy Considerations]


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Chapter 9. Identity Broker|http://docs.jboss.org/keycloak/docs/1.2.0.Beta1/userguide/html/identity-broker.html|target='_blank'] - loosely based on data observed:2015-06-03
* [#2] - [Identity Broker: An SSO Protocol Transition From OpenID Connect To WS-Federation|https://medium.com/@robert.broeckelmann/identity-broker-an-sso-protocol-transition-fromopenid-connect-to-ws-federation-4af854cf113b|target='_blank'] - based on information obtained 2018-09-01- 
* [#3] - [Google and Mastercard Cut a Secret Ad Deal to Track Retail Sales|https://www.bloomberg.com/news/articles/2018-08-30/google-and-mastercard-cut-a-secret-ad-deal-to-track-retail-sales|target='_blank'] - based on information obtained 2018-09-01- 










</pre>