Computerworld - The reduced identity administration costs, improved access to cross-organizational applications and better security promised by federated identity management systems are finally beginning to drive corporate interest, say proponents of the technology.
But organizational trust concerns and nagging interoperability problems continue to pose big challenges.
"Identity federation has been talked about for some time, but it is only now that we are really seeing a number of customers showing interest in it," says Jason Lewis, vice president of product management at RSA Security Inc. in Bedford, Mass.
"The main reason why users are looking at federated ID management is to make it easier to do business online for their customers, business partners and their employees," he says.
Identity federation allows users to present a single set of identity and authentication information to access applications and services across multiple domains and distributed, heterogenous networks. A federated system allows a user's identity in one domain to be used to gain access to resources in another domain without the need for separate authentication.
Federated identity projects enable single sign-on to cross-organizational resources, while other identity management systems focus on improving internal access to resources.
One company that's implementing cross-domain authentication is insurance provider Nationwide Financial Services Inc., which recently deployed a federated identity system using technology from RSA Security.
The system lets thousands of Nationwide insurance agents and brokers go to a central portal site where they can access the Columbus, Ohio-based company's applications as well as applications hosted on sites belonging to some of its partners.
Previously, Nationwide's agents needed to create separate accounts and passwords with the third parties to access their applications. The partners, in turn, needed to maintain their own lists of usernames and passwords for Nationwide's agents.
With identity federation, the agents have to authenticate themselves only once on the central Nationwide portal and simply click on the appropriate links to access applications on the partner sites.
RSA's Federated ID Manager technology intercepts an agent's request with his log-in information. It generates an encrypted Security Assertion Markup Language (SAML) message containing the user's identity profile and other authentication information that the partner needs in order to let the user access its applications.
The SAML assertion and the browser session are then directed to the partner's site, where another federation server or agent parses the packaged identity information and uses it to grant access to the application the agent wanted.
Such cross-domain identity assertion can yield multiple benefits, says Daniel Blum, an analyst at Burton Group in Midvale, Utah.
"There
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
