Last time, I talked a bit about SAML and Federated Identity. It turns out this is a subset of a more general area, commonly referred to as Identity Management. The issue is how to protect and manage credentials across a wide array of network applications that have different authentication methods and requirements. I talked about SSO last time, mostly around SSO in browsers and web applications. As Pablo reminded me, it's not just web browsers; SAML is trying to solve the problem of SSO in general, so that a user can log in once for multiple applications. This is, of course, critical in real-world services or SOA. All of this points to the need for an effective identity management infrastructure.

The Elements of an Identity Management System

Such a solution would be made up of the following capabilities, delivered as services [1]:

- Identity Provisioning Services: set up users easily; provision users and roles, typically in LDAP-compliant sources; define and enforce policy.
- Identity Data Synchronization Services: synchronize identity data across a wide range of heterogeneous applications, directories, databases and other stores.
- Access Management Services: SSO access to applications and services across heterogeneous apps, Web Services and resources running on diverse platforms, local or networked.
- Federation Services: this is one place where SAML comes in, providing a federated framework and an authentication-sharing mechanism that is interoperable with existing systems.
- Directory Services
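The federation item above is where the security-relevant work lands on the relying party: once an IdP hands over a SAML assertion, the service provider still has to decide whether to honour it. The following is an added example, written for this post rather than taken from it or from any SAML library. It assumes the XML signature on the assertion has already been verified by a proper XML-DSig implementation (e.g. xmlsec), and shows the checks that remain mandatory after that: trusted issuer, audience restriction, validity window with a small clock-skew tolerance, and single-use assertion IDs. The assertion, issuer and entity IDs are constructed sample values, not a real IdP's output.

```python
"""Relying-party checks on a (signature-verified) SAML 2.0 assertion.

Added example, not from the original post. Signature verification is assumed
to have been done already by an XML-DSig library; this covers what is still
required afterwards: issuer, audience, validity window and replay protection.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample assertion (hypothetical IdP and SP entity IDs).
# The ds:Signature element is omitted because signature checking is out of scope here.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" IssueInstant="2024-05-01T12:00:00Z" Version="2.0">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.org</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_saml_time(value: str) -> datetime:
    """Parse a SAML xs:dateTime in UTC (trailing 'Z') into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class AssertionValidator:
    """Post-signature checks a service provider must apply to each assertion."""

    def __init__(self, trusted_issuer: str, our_entity_id: str,
                 clock_skew: timedelta = timedelta(seconds=60)):
        self.trusted_issuer = trusted_issuer
        self.our_entity_id = our_entity_id
        self.clock_skew = clock_skew
        # Replay cache of accepted assertion IDs. A real deployment persists this
        # (shared across SP instances) for at least the assertion lifetime.
        self._seen_ids: set[str] = set()

    def validate(self, xml_text: str, now: datetime) -> tuple[bool, str]:
        """Return (accepted, reason); reason is 'ok' or the first failed check."""
        root = ET.fromstring(xml_text)
        if root.tag != f"{{{SAML_NS}}}Assertion":
            return False, "not an assertion"

        # Only assertions from the IdP we federate with are acceptable.
        issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
        if issuer != self.trusted_issuer:
            return False, "untrusted issuer"

        conditions = root.find("saml:Conditions", NS)
        if conditions is None:
            return False, "missing conditions"

        # Validity window, tolerating small clock drift between IdP and SP.
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now + self.clock_skew < parse_saml_time(not_before):
            return False, "assertion not yet valid"
        if not_on_or_after and now - self.clock_skew >= parse_saml_time(not_on_or_after):
            return False, "assertion expired"

        # Audience restriction: the assertion must be addressed to this SP, otherwise
        # an assertion the IdP minted for some other SP could be replayed against us.
        # An assertion with no AudienceRestriction at all is rejected as well.
        audiences = [a.text.strip()
                     for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)
                     if a.text]
        if self.our_entity_id not in audiences:
            return False, "audience mismatch"

        # Single use: accepting the same assertion ID twice is a replay.
        assertion_id = root.get("ID", "")
        if not assertion_id or assertion_id in self._seen_ids:
            return False, "replayed or missing assertion ID"
        self._seen_ids.add(assertion_id)
        return True, "ok"


if __name__ == "__main__":
    v = AssertionValidator("https://idp.example.org/metadata",
                           "https://sp.example.com/saml/metadata")
    print(v.validate(SAMPLE_ASSERTION, parse_saml_time("2024-05-01T12:01:00Z")))
    print(v.validate(SAMPLE_ASSERTION, parse_saml_time("2024-05-01T12:01:00Z")))  # replay
```

Note the order: the issuer is checked before anything else is trusted, and the replay cache is only updated after every other check passes, so a rejected assertion does not consume its ID. In production the replay cache must be shared by all SP instances and outlive the assertion's NotOnOrAfter, or a second instance will accept what the first already consumed.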