Entreprise Solutions...
 Identity Life Cycle Management

Most organizations have to cope with multiple identity stores. As soon as a network environment has more than one location to store digital identities, the problem of how to manage multiple identities emerges.
Identity life-cycle management includes the processes and technologies for provisioning, deprovisioning, managing, and synchronizing digital identities while complying with governing policies. The success of identity and access management depends mostly on how efficiently the digital identity life cycle can be managed.
Identity life-cycle management services provide for security principal creation, attribute management, synchronization, aggregation, and deletion. In addition, you must accomplish these actions securely with a thorough audit trail. This section describes how Microsoft products meet these requirements.
 Single Sign On

One of the factors driving the growth of identity management solutions is widespread dissatisfaction with password protection. Password sprawl has become a nuisance for users, costly to administer, and a major security threat for many organizations.

The typical workplace has at least four different business systems that require user authentication. As the business environment grows more complex it doesn't take long for the number of passwords and login processes to reach double digits. How do users remember all their different usernames and passwords? They don't. They jot them down on sticky notes, tape them to the bottom of their keyboard, record them in a notebook, store them in their handhelds, or write them in any one of a number of places that can be easily discovered by a determined intruder who enters the users' offices. Without an effective password management strategy in place, you put your enterprise's valuable digital assets in jeopardy.

Single sign-on addresses most of these shortcomings, especially when it is coupled with other identity management technologies. In an SSO environment, users authenticate once, after which they can directly access any application on the network for which they have permission. This eliminates the stop-and-go user experience of repeated logins, and users no longer need to keep track of multiple passwords. The trade-off is that SSO concentrates risk in a single credential and a single session: compromising either one opens every connected application, so that credential should be strong (ideally multi-factor) and the session token must be protected as carefully as a password would be.

 Federated Identities

The move toward federation (interoperability between separate, independent organizations) is part of a larger trend toward Web-based business processes. Federated identity allows users to benefit from the trust between business partners, and is reaching critical mass among many large portal operators. With federated identity, business process integration becomes faster, cheaper, and simpler.

For companies that want to integrate third-party or outsourced applications into their portals, a federated identity server that provides single sign-on to applications in external organizations is required.

- Portal users do not need to remember IDs and passwords for applications at partner sites, resulting in a better experience and increased security.

- Portal administrators are not required to maintain copies of user data at each partner site, decreasing replication cost and increasing compliance with privacy regulations.

A Common Scenario

Federated identity is typically used within a portal, so that portal users can access external applications without additional logins. Assume we have two trusted business partners, Retail Corporation and Supplier Corporation.

Retail has a customer portal to support its 200,000 engineering customers. These customers log in to the portal, manage their profiles, change service levels, order new products, and so on. One of the functions available to portal users is a technical specification database for all products sold by Supplier and its channel partners.

This database is hosted and managed by Supplier Corporation, and access is restricted according to service agreements with Supplier’s affiliates, such as Retail.

A Simple Identity Federation Example
When a Retail customer logs in to the portal and clicks the "Tech Specs" link, the Supplier Corporation database search application is served through the Retail portal. Retail's customers do not need to maintain a separate user ID and password within Supplier's environment, and neither company has to synchronize passwords, IDs, or profiles: Retail authenticates the user and passes Supplier a signed assertion of who the user is and what service level they hold.

The result is a better user experience, increased privacy compliance, and lower administration cost.
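The exchange in the scenario above, written out as an added example that is not part of the original page and not either company's software. It assumes the two partners share an HMAC-SHA256 secret and that the assertion is a signed JSON document; production federations use SAML or WS-Federation with XML signatures, which this simplified stand-in replaces. The user records, the audience URL and the service-level agreement are constructed for the example.

```python
# Added example: simplified federated SSO between Retail (identity provider)
# and Supplier (service provider hosting the tech-spec database).
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumed shared secret agreed out of band between the two partners (constructed).
SHARED_SECRET = b"retail-supplier-federation-secret-constructed"
SUPPLIER_AUDIENCE = "https://specs.supplier.example/"   # hypothetical service URL
ASSERTION_LIFETIME = 300                                 # seconds


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def retail_issue_assertion(portal_user: dict, now=None) -> str:
    """Retail (identity provider) asserts who the already-authenticated portal
    user is. Only the attributes Supplier needs are sent; no password travels."""
    now = time.time() if now is None else now
    claims = {
        "iss": "retail-portal",
        "aud": SUPPLIER_AUDIENCE,            # only Supplier may accept this
        "sub": portal_user["id"],
        "service_level": portal_user["service_level"],
        "iat": int(now),
        "exp": int(now) + ASSERTION_LIFETIME,
        "jti": secrets.token_hex(8),         # unique id, lets Supplier detect replay
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(SHARED_SECRET, body, hashlib.sha256).digest()
    return b64url(body) + "." + b64url(sig)


class SupplierFederationEndpoint:
    """Supplier (service provider) verifies the assertion and decides access.
    It keeps no copy of Retail's user directory, only the partner agreement."""

    def __init__(self):
        self.seen_ids = set()
        # Assumed service agreement: which Retail service levels may search specs.
        self.allowed_levels = {"gold", "platinum"}

    def accept(self, assertion: str, now=None):
        now = time.time() if now is None else now
        try:
            body_b64, sig_b64 = assertion.split(".")
            body, sig = b64url_decode(body_b64), b64url_decode(sig_b64)
        except ValueError:
            return False, "malformed assertion"
        expected = hmac.new(SHARED_SECRET, body, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return False, "bad signature"             # tampered, or not from Retail
        claims = json.loads(body)
        if claims.get("iss") != "retail-portal":
            return False, "unknown issuer"
        if claims.get("aud") != SUPPLIER_AUDIENCE:
            return False, "assertion not meant for this service"
        if not claims["iat"] <= now < claims["exp"]:
            return False, "assertion expired or not yet valid"
        if claims["jti"] in self.seen_ids:
            return False, "replayed assertion"
        self.seen_ids.add(claims["jti"])
        if claims.get("service_level") not in self.allowed_levels:
            return False, "service level not entitled to tech specs"
        return True, "search granted to Retail user " + claims["sub"]


if __name__ == "__main__":
    supplier = SupplierFederationEndpoint()
    token = retail_issue_assertion({"id": "c1001", "service_level": "gold"})
    print(supplier.accept(token))   # (True, 'search granted to Retail user c1001')
    print(supplier.accept(token))   # (False, 'replayed assertion')
```

The checks on Supplier's side are the ones that matter in any federation: signature (origin and integrity), audience (an assertion minted for another partner must not be accepted here), validity window, and a replay cache keyed on the assertion id. Supplier never sees a Retail password and never stores Retail profiles, which is what removes the synchronization burden the scenario describes.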

 Delegated Administration

Identity life-cycle management includes delegating the ability to manage certain aspects of a digital identity held in an identity data store. You can achieve this through the fine-grained access control built into the data store, exposed through its native interfaces (which are often limited), or through an identity management application that enforces the delegation on top of the store. In either case the delegation should be scoped, both to the attributes the delegate may change (for example password resets but not group membership) and to the population they may change them for, and every delegated change should be recorded in the audit trail.
 Password Management

Passwords can be compromised and must be protected. In the ideal case a password is used only once: a one-time password gives the strongest protection against capture and replay, because a new value is required for each logon and an intercepted one is worthless afterwards. A password that stays the same for every logon is called a static password.

Employees and customers are tired of keeping track of the many passwords they have to remember. Often they cannot, which drives up helpdesk calls and end-user frustration. Worse, every system imposes its own password rules. Password management lets you define a single enforceable enterprise password policy and select an authoritative source for the enterprise password; passwords are then synchronized to all configured identity stores throughout the enterprise. Note that synchronization makes every store only as safe as the weakest one, since a password captured from a poorly protected store now opens all of them, so each synchronized store must enforce the same policy and protect stored credentials at least as well as the authoritative source does.

 Identification and Authentication

Identification is the act of a user professing an identity to a system, usually by supplying a logon ID. Identification establishes accountability for the user's actions on the system. Authentication is verification that the user's claimed identity is valid; it is usually implemented through a password at logon time. Authentication is based on one or more of the following three factors:

Something you know, such as a PIN or a password
Something you have, such as an ATM card or smart card
Something you are (physically), such as a fingerprint or retina scan
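An added example, not from the original page, that covers two of the factors listed above (something you know and something you have) and the one-time versus static password contrast made under Password Management. It assumes the password is stored as a salted PBKDF2-HMAC-SHA256 hash and that the one-time code is RFC 6238 TOTP (HMAC-SHA1, 30-second step, six digits), both implemented with the Python standard library only. The demonstration secret is the RFC 6238 test-vector secret and the sample password is constructed.

```python
# Added example: password (something you know) plus TOTP (something you have).
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 600_000   # slow on purpose, so offline guessing is expensive
TOTP_STEP = 30                # seconds per one-time code
TOTP_DIGITS = 6


def enroll_password(password: str) -> dict:
    """Store a random salt and a slow hash; the static password itself is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify_password(record: dict, attempt: str) -> bool:
    """Something you know: recompute the hash and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** TOTP_DIGITS).zfill(TOTP_DIGITS)


def totp(secret: bytes, at: float) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, int(at) // TOTP_STEP)


class SecondFactor:
    """Server side of the one-time password (something you have: the device that
    holds the secret). Accepts one step of clock skew either way, and never accepts
    a step at or below the last one used, which is exactly the replay resistance
    a static password lacks."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step_used = -1

    def verify(self, code: str, at: float) -> bool:
        step = int(at) // TOTP_STEP
        for candidate in (step - 1, step, step + 1):
            if candidate <= self.last_step_used:
                continue                             # already consumed: replay
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_step_used = candidate
                return True
        return False


def login(record: dict, factor: SecondFactor, password: str, code: str, at: float) -> bool:
    """Both factors must pass. The password is checked first so that a wrong
    password does not consume a valid one-time code."""
    if not verify_password(record, password):
        return False
    return factor.verify(code, at)


if __name__ == "__main__":
    # RFC 6238 test-vector secret (used for the example, not a real credential)
    secret = b"12345678901234567890"
    record = enroll_password("correct horse battery staple")
    device = SecondFactor(secret)
    print(totp(secret, 59))                                                            # 287082
    print(login(record, device, "correct horse battery staple", totp(secret, 59), 59))  # True
    print(login(record, device, "correct horse battery staple", totp(secret, 59), 61))  # False: replay
```

The second `login` call fails even though the code is still inside the 30-second step, because the server remembers the last step it accepted. That is the practical difference between a one-time and a static password: a captured static password works until it is changed, while a captured one-time code works at most once and only for about a minute.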
 Authorization

Authorization is the process of an application or platform determining access to a resource by comparing the user's entitlements to the security configuration of the resource. For example, a user can authenticate to a file server, and then the server can determine whether or not the user has the ability to read, write, or delete a file.
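An added example, not from the original page, of the check described above: a principal's entitlements are compared with a resource's security configuration to decide read, write or delete access. The same evaluator enforces the scoped delegation discussed under Delegated Administration, where a helpdesk group may reset passwords only for identities in its own department. The data model, the group names, the principals and the resources are assumptions constructed for the example.

```python
# Added example: default-deny ACL evaluation with explicit deny and scoped delegation.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    name: str
    groups: frozenset
    department: str


@dataclass(frozen=True)
class Ace:
    """One access control entry in a resource's security configuration."""
    trustee: str                        # principal name or group name
    action: str                         # "read", "write", "delete", "reset_password", ...
    allow: bool
    same_department_only: bool = False  # scope condition used for delegated rights


@dataclass
class Resource:
    kind: str                           # "file" or "identity"
    owner_department: str
    acl: list = field(default_factory=list)


def is_authorized(principal: Principal, action: str, resource: Resource) -> bool:
    """Default deny. An explicit deny wins over any allow, and a scoped ACE only
    applies to resources owned by the principal's own department."""
    trustees = {principal.name} | set(principal.groups)
    decision = False
    for ace in resource.acl:
        if ace.trustee not in trustees or ace.action != action:
            continue
        if ace.same_department_only and resource.owner_department != principal.department:
            continue                    # delegated right does not reach outside its scope
        if not ace.allow:
            return False                # explicit deny overrides everything
        decision = True
    return decision


# Constructed sample data: a file on the spec server and one identity record.
SPEC_FILE = Resource("file", "Engineering", [
    Ace("engineering", "read", True),
    Ace("engineering", "write", True),
    Ace("contractors", "delete", False),
    Ace("file-admins", "delete", True),
])
SALES_IDENTITY = Resource("identity", "Sales", [
    Ace("helpdesk", "reset_password", True, same_department_only=True),  # delegated, scoped
    Ace("identity-admins", "reset_password", True),                     # unscoped admin right
])
ALICE = Principal("alice", frozenset({"engineering"}), "Engineering")
BOB = Principal("bob", frozenset({"engineering", "contractors", "file-admins"}), "Engineering")
CAROL = Principal("carol", frozenset({"helpdesk"}), "Sales")
DAVE = Principal("dave", frozenset({"helpdesk"}), "Engineering")

if __name__ == "__main__":
    for who, action, res in [(ALICE, "read", SPEC_FILE), (ALICE, "delete", SPEC_FILE),
                             (BOB, "delete", SPEC_FILE), (CAROL, "reset_password", SALES_IDENTITY),
                             (DAVE, "reset_password", SALES_IDENTITY)]:
        print(who.name, action, res.kind, "->", is_authorized(who, action, res))
```

Bob is a file administrator and would be allowed to delete, but his contractor membership carries an explicit deny, and deny wins; that ordering is what makes a deny entry a reliable control rather than something a later group membership can undo. Dave holds the same delegated right as Carol but for the wrong department, so the scope condition refuses him.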

 Security Controls

The prime objective of implementing security controls is to reduce the effect of security threats and vulnerabilities to a level the organization can tolerate. This entails determining the impact a threat may have on the organization and the likelihood that the threat will occur; together these give the risk that a control is expected to reduce.

Provisioning, or identity synchronization, is part of solving the identity management problem. Once you have more than one digital identity store, problems arise. Outdated information in an identity store is a security hole (for example, an account that stays enabled after its owner has left, or a department attribute that still grants access the person no longer needs) and an integrity problem for the identity's attributes. Keep in mind that the digital identity is the foundation of enterprise access and security. This foundation must be solid to ensure compliance with legal and regulatory requirements.

A major exercise in solving this problem is to determine the authoritative source of each piece of information within your organization. Who owns the data? Which store wins when two disagree? What controls are needed to ensure compliance? The answers are usually per attribute rather than per store: HR may own name and employment status while the directory owns the mail address, and the synchronization rules must follow that ownership.
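An added example, not from the original page or any product it mentions, of a synchronization pass that applies the ownership decision described above. Each attribute has exactly one authoritative store; downstream values that disagree with it are corrected, downstream accounts that HR does not know are flagged as orphans (the stale entries that become a security hole), and active HR identities that a store lacks are listed for provisioning. The store names, schema, attribute ownership and records are all constructed for the example.

```python
# Added example: attribute-level reconciliation against authoritative sources.
from copy import deepcopy

# Assumed ownership decision: HR owns name, department and employment status;
# the directory owns the mail address (it is generated there); the phone
# system owns the extension. Each attribute has exactly one authoritative source.
AUTHORITATIVE = {"name": "hr", "department": "hr", "status": "hr",
                 "mail": "directory", "phone": "telephony"}

# Which attributes each store holds (constructed schema).
SCHEMA = {
    "hr": {"name", "department", "status"},
    "directory": {"name", "department", "status", "mail"},
    "telephony": {"name", "phone"},
}

# Constructed store contents: employee id -> attributes.
SAMPLE_STORES = {
    "hr": {
        "1001": {"name": "Ann Lee", "department": "Engineering", "status": "active"},
        "1002": {"name": "Ben Diaz", "department": "Sales", "status": "terminated"},
        "1004": {"name": "Dee Park", "department": "Sales", "status": "active"},
    },
    "directory": {
        "1001": {"name": "Ann Lee", "department": "Marketing", "status": "active",
                 "mail": "ann.lee@example.com"},
        "1002": {"name": "Ben Diaz", "department": "Sales", "status": "active",
                 "mail": "ben.diaz@example.com"},        # left the company, still enabled
        "1003": {"name": "Old Contractor", "department": "Sales", "status": "active",
                 "mail": "old@example.com"},             # no HR record at all
    },
    "telephony": {"1001": {"phone": "+1-555-0100"}},
}


def reconcile(stores):
    """Compare every store against the authoritative source of each attribute.
    Returns the changes to push, the orphans (downstream accounts HR does not
    know) and the active HR identities a store is missing."""
    plan = {"changes": [], "orphans": [], "missing": []}
    hr = stores["hr"]                          # HR decides which identities exist
    for store_name, records in stores.items():
        for emp_id, attrs in records.items():
            if emp_id not in hr:
                if store_name != "hr":
                    plan["orphans"].append((store_name, emp_id))
                continue
            for attr in sorted(SCHEMA[store_name]):
                owner = AUTHORITATIVE[attr]
                if owner == store_name or emp_id not in stores[owner]:
                    continue
                golden = stores[owner][emp_id].get(attr)
                if golden is not None and attrs.get(attr) != golden:
                    plan["changes"].append((store_name, emp_id, attr, attrs.get(attr), golden))
        if store_name != "hr":
            for emp_id, rec in hr.items():
                if emp_id not in records and rec["status"] == "active":
                    plan["missing"].append((store_name, emp_id))   # never provision leavers
    return plan


def apply_plan(stores, plan):
    """Push the corrections. Orphans are disabled rather than deleted so the
    audit trail survives and a mistaken match can be reversed."""
    new = deepcopy(stores)
    for store_name, emp_id, attr, _old, golden in plan["changes"]:
        new[store_name][emp_id][attr] = golden
    for store_name, emp_id in plan["orphans"]:
        if "status" in SCHEMA[store_name]:
            new[store_name][emp_id]["status"] = "disabled"
    return new


if __name__ == "__main__":
    plan = reconcile(SAMPLE_STORES)
    for key in ("changes", "orphans", "missing"):
        print(key, plan[key])
    print("clean after apply:", reconcile(apply_plan(SAMPLE_STORES, plan))["changes"] == [])
```

Two of the findings are the ones that matter for security: employee 1002 is terminated in HR but still active in the directory, and 1003 exists only in the directory. The plan corrects the first from the authoritative status and disables the second, and the terminated employee is deliberately not provisioned into the phone system even though that store lacks the record. A second pass after applying the plan reports no remaining attribute drift.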

 Provisioning

Coming Soon....
 Web services

Coming Soon....
 XML/Style Sheets

Coming Soon....