Sole Source A Sole Source is an organization that acts as identity provider (IdP) and relying party (RP) for itself. This organization issues all identities that it recognizes, and only trusts identities that it has issued. An organization like this does not federate identities at all. Because it does not connect to anything else, this […]

A Trust Framework is a specification that describes a set of identity proofing, security, and privacy policies. The framework is authored by subject matter experts, and is written with the intent that compliance can be assessed. The framework also lists the qualifications that an assessor must have in order to judge compliance. A Framework Listing […]

In addition to contract terms, a Technical federation also provides a central service that acts as a clearinghouse for identity operations. It routes authentication requests from the service back to the requester’s chosen identity provider, translating protocols as needed. The existence of a central service lowers the technical and administrative costs of participating in the […]

Four-Party Model A four-party model provides a comprehensive set of interlocking legal contracts that detail roles, responsibilities, and technical methods. In order to take part in the network, each party must agree to one of the contracts in a given framework. Identity providers specialize in providing support for particular roles. Examples: The credit card networks, […]

[Image Coming] Inter-Federation Federations When organizations are unable to communicate directly with one another because of legal limits or national boundaries, existing federations can negotiate inter-federation federations which allow members of different federations to interact with one another. Examples: REFEDS, eduGAIN, and Kalmar2 are inter-federation programs for research institutions and higher education. When to use: […]

Mesh Federation A Mesh Federation provides a legal and policy umbrella so that institutions can interact with one another but does not specify technical methods. Each member organization issues digital identities for its people and the federation agreement provides the legal framework for them to use one another’s resources. The federation agreement might specify governance, […]

Federations A Federation provides a standard, pre-negotiated set of contracts that allow organizations to recognize identities issued by one another. A federation agreement might specify user roles, governance, security and verification policies, or specific technical methods. The federation is organized around a Contract Hub, which is responsible for the agreements. Organizations with similar goals or […]

“Winner Take All” Three Party Model A special case of the three party model where the service provider wants to allow the requester to use an existing identity, but only accepts authentication from a defined set of providers. Participants sign an agreement with the identity provider, which also allows them to talk to one another. […]

A special case of the three party model where the service provider specifies the technical methods that it will accept, but allows the requester to choose any identity service they like. The service provider does not set details for identity verification or authentication and simply assumes that the requester has chosen one that’s good enough […]

Three Party Model A trusted third party provides identities to both the requester and service provider. In order to interact with one another, both must agree to trust the same identity provider. Examples: Google, Facebook, American Express, Paypal, Amazon, iTunes App Store   There are two broad types of Three Party Model. If one (or […]