What is identity?
Identity can be defined as a set of attributes that describe a person or an object. It may also include information on the relationships with other identities.
When we speak about an identity framework, we normally have three different components that interact together:
- User
- Relying Party (might also be referred to as SP, Service Provider)
- Identity Provider
When Users access services (in identity terminology, accessing a Relying Party), those users need to be authenticated and other attributes about them are needed. That information is provided by the Identity Provider (IdP).
Today we hear a lot about Federated Identity, which is the process of linking the User and its attributes with a distinct Identity Management System. Most of the time we are really talking about Single Sign-On, where the user authenticates against an IdP, which generates a ticket or token that is then used by other systems inside and outside the organization without the User having to re-authenticate.
There are multiple protocols today that allow those three components to interact with each other and with other organizations, for example: SAML, OAuth, WS-Federation, OpenID Connect, Shibboleth, Liberty Identity Federation Framework, etc.
A brief description of the protocols that are most used and best known in the industry:
SAML - A set of standards defined to share information about who a user is and what their attributes are, and to give you a way to grant/deny access to something or even to request authentication. It allows two different organizations to establish a trust relationship without exchanging passwords (http://www.oasis-open.org/committees/security)
OAuth - An open standard for authorization. It is more about delegating access to something: you are basically allowing an application to impersonate you. It is used to grant access to APIs that can do something on your behalf. For example, you want to write an application that will use other applications like Twitter, Gmail and Google Talk (http://oauth.net/)
OpenID Connect – An emerging protocol, focused on simplicity for the SP (Service Provider or Relying Party) and based on OAuth 2.0. It is a suite of lightweight specifications that provide a framework for identity interactions via REST-like APIs. OpenID Connect is built on best practices and years of deployment experience with OpenID, OAuth, SAML and PKI (http://openid.net/connect/)
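To make the two ideas above concrete (the Single Sign-On token issued by an IdP, and the OAuth-style delegation of scoped access to an application), here is a small added example. It is not code from the original post and not a real SAML, OAuth or OpenID Connect implementation: it is a toy in which the IdP signs a JSON payload with an HMAC over a constructed shared secret, the Relying Party verifies signature, issuer, audience and expiry instead of ever seeing the user's password, and a resource API enforces the scope granted in a delegation token. All names (`idp_authenticate`, `rp_accept`, `idp_delegate`, `api_authorize`, the issuer and audience URLs, the user record) are hypothetical and constructed for the example.

```python
"""Toy federated identity flow: an Identity Provider (IdP) issues signed tokens
and a Relying Party (RP) or API verifies them with a shared secret.  The RP
never handles the user's password.  Hypothetical names and constructed data
throughout; this is illustrative, not a SAML/OAuth/OIDC library."""
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret between the IdP and the relying parties.  In real
# deployments this is a key established out of band, usually an asymmetric pair.
IDP_SECRET = b"constructed-idp-rp-shared-secret"
IDP_ISSUER = "https://idp.example.test"      # placeholder issuer identifier
API_AUDIENCE = "https://api.example.test"    # placeholder resource API identifier

# Constructed user store held only by the IdP.
USERS = {
    "alice": {
        "password": b"constructed-password",
        "attrs": {"email": "alice@example.test", "groups": ["staff"]},
    }
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _sign(payload: dict, secret: bytes) -> str:
    """Token format: base64url(JSON body) '.' base64url(HMAC-SHA256 of body)."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(secret, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(mac)


def verify_token(token: str, secret: bytes, audience: str, now=None):
    """Return the payload only if signature, issuer, audience and expiry all hold.

    The audience check is what stops a token issued for one relying party from
    being replayed at another; the expiry bounds how long a captured token lives."""
    try:
        body_b64, mac_b64 = token.split(".")
        body = _unb64(body_b64)
        expected = hmac.new(secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(mac_b64)):
            return None                      # tampered body or forged MAC
        payload = json.loads(body)
    except (ValueError, json.JSONDecodeError):
        return None                          # malformed token
    now = time.time() if now is None else now
    if payload.get("iss") != IDP_ISSUER or payload.get("aud") != audience:
        return None                          # wrong issuer or not meant for us
    if payload.get("exp", 0) <= now:
        return None                          # expired
    return payload


def idp_authenticate(username: str, password: str, audience: str, now: float):
    """IdP side of SSO: check the password locally, then issue a short-lived
    assertion carrying the user's attributes for the named relying party."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password.encode()):
        return None
    payload = {"iss": IDP_ISSUER, "aud": audience, "sub": username,
               "attrs": user["attrs"], "iat": now, "exp": now + 300}
    return _sign(payload, IDP_SECRET)


def rp_accept(token: str, audience: str, now: float):
    """RP side of SSO: trust the IdP's assertion instead of asking for a password."""
    payload = verify_token(token, IDP_SECRET, audience, now)
    if payload is None:
        return None
    return {"user": payload["sub"], **payload["attrs"]}


def idp_delegate(username: str, client_id: str, scopes, now: float):
    """OAuth-style delegation: a token letting client_id act on the user's behalf
    at the API, limited to the granted scopes.  The client never gets the password."""
    payload = {"iss": IDP_ISSUER, "aud": API_AUDIENCE, "sub": username,
               "client_id": client_id, "scope": sorted(scopes),
               "iat": now, "exp": now + 3600}
    return _sign(payload, IDP_SECRET)


def api_authorize(token: str, required_scope: str, now: float):
    """Resource API: verify the delegation token and enforce scope before acting."""
    payload = verify_token(token, IDP_SECRET, API_AUDIENCE, now)
    if payload is None or required_scope not in payload.get("scope", []):
        return None
    return payload["sub"]


if __name__ == "__main__":
    t = 1_700_000_000
    sso = idp_authenticate("alice", "constructed-password", "https://rp.example.test", t)
    print("RP sees:", rp_accept(sso, "https://rp.example.test", t + 10))
    dtok = idp_delegate("alice", "calendar-app", ["calendar:read"], t)
    print("API calendar:read ->", api_authorize(dtok, "calendar:read", t))
    print("API mail:send    ->", api_authorize(dtok, "mail:send", t))
```

Two design points worth noting: the SSO assertion and the delegation token use the same signing helper but different audiences, so an assertion meant for the RP is rejected at the API and vice versa; and the RP decides who the user is purely from the verified payload, which is exactly the trust relationship SAML describes as established without exchanging passwords.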
In part II of this blog we will cover why identity matters for a Collaboration solution.