SOA Patterns: Proposal for Federated Identity
May 23, 2011
How can one achieve single-sign-on for services and applications residing in different enterprises and in the cloud?
The proposed solution, Federated Identity, is another candidate SOA pattern submitted and being considered by the SOA patterns community process. If approved, it will be added to the established SOA patterns outlined at SOApatterns.org and in the book SOA Design Patterns (coordinated by Thomas Erl).
Candidate SOA pattern: Federated Identity
At issue: Direct authentication is impractical when consumers need to access a large number of services within an enterprise, because every service then has to identify users itself. Brokered authentication solves that problem by creating an enterprise resource that handles authentication on behalf of the rest of the services. The business services are relieved of the task of identifying users, and single sign-on across the enterprise becomes possible. However, users often also need services across enterprise borders, and even services that reside in the cloud. Those services do not accept tokens (or credentials) issued by your authentication broker, because they have no trust relationship with it.
Solution: Establish a trust relationship between your Authentication Broker and the Authentication Broker of the business services your users need to access. Use tokens issued by your own Authentication Broker to obtain tokens from the other Authentication Broker, and send those tokens to the business services that do not accept yours. The trust relationship is what lets the other broker validate your broker's signature on a token; the token it receives should name that broker as its intended audience and carry an expiry, so that it cannot be replayed directly at a business service or reused indefinitely.
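As an added example (not part of the original post or of the SOApatterns.org material), the following Python sketch models the two brokers, the trust relationship between them, and the token exchange that turns a home-broker token into one the partner's business service accepts. Broker names, the user, the service name and the HMAC-signed JSON token format are assumptions made for the illustration; real federations use SAML or WS-Trust tokens signed with certificates rather than a shared secret.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class AuthenticationBroker:
    """Issues and verifies HMAC-signed JSON claim tokens (a stand-in for SAML or WS-Trust tokens)."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key          # signing key; the trust relationship is built on it
        self._trusted = {}       # issuer name -> verification key of a trusted partner broker
        self._users = {}         # user -> (salt, PBKDF2 hash); the broker's own credential store

    def register_user(self, user: str, password: str) -> None:
        salt = hashlib.sha256(user.encode()).digest()[:16]  # derived salt keeps the example deterministic
        self._users[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def trust(self, other: "AuthenticationBroker") -> None:
        """Trust relationship: remember the partner's key (HMAC here; certificates in real deployments)."""
        self._trusted[other.name] = other._key

    def issue(self, subject: str, audience: str, ttl: int = 300) -> str:
        claims = {"iss": self.name, "sub": subject, "aud": audience, "exp": time.time() + ttl}
        payload = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self._key, payload.encode(), hashlib.sha256).digest()
        return f"{payload}.{_b64(sig)}"

    def verify(self, token: str, audience: str, accept_federated: bool) -> dict:
        """Check issuer, signature, audience, expiry. Foreign issuers pass only during the exchange step."""
        payload, sig = token.split(".")
        claims = json.loads(_unb64(payload))
        if claims["iss"] == self.name:
            key = self._key
        elif accept_federated and claims["iss"] in self._trusted:
            key = self._trusted[claims["iss"]]
        else:
            raise PermissionError(f"issuer {claims['iss']} is not accepted here")
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise PermissionError("bad signature")
        if claims["aud"] != audience:   # stops a token meant for the broker being replayed at a service
            raise PermissionError(f"token is addressed to {claims['aud']}, not {audience}")
        if claims["exp"] < time.time():
            raise PermissionError("token expired")
        return claims

    def authenticate(self, user: str, password: str, audience: str) -> str:
        """Brokered authentication: the user proves identity once, here, and gets a token for `audience`."""
        salt, stored = self._users.get(user, (b"\0" * 16, b""))  # dummy entry keeps timing similar
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not stored or not hmac.compare_digest(candidate, stored):
            raise PermissionError("bad credentials")
        return self.issue(user, audience)

    def exchange(self, foreign_token: str, target_service: str) -> str:
        """Federation step: a trusted partner's token addressed to this broker is swapped for a local one."""
        claims = self.verify(foreign_token, audience=self.name, accept_federated=True)
        # qualify the subject with its home issuer so local and federated identities cannot collide
        return self.issue(f"{claims['sub']}@{claims['iss']}", target_service)


class BusinessService:
    """A service in the partner enterprise; it accepts tokens from its own broker only."""

    def __init__(self, name: str, broker: AuthenticationBroker):
        self.name, self.broker = name, broker

    def handle(self, token: str) -> dict:
        return self.broker.verify(token, audience=self.name, accept_federated=False)


def build_federation():
    """Constructed scenario: enterprise A's broker, partner B's broker, and a CRM service behind B."""
    home = AuthenticationBroker("broker-a.example", b"home-broker-secret")        # assumed names and keys
    partner = AuthenticationBroker("broker-b.example", b"partner-broker-secret")
    partner.trust(home)                       # B agrees to accept tokens signed by A
    home.register_user("alice", "correct horse battery")
    return home, partner, BusinessService("crm.partner.example", partner)


def attempt(step, *args):
    """Run one step and report ('ok', result) or ('denied', reason) instead of raising."""
    try:
        return "ok", step(*args)
    except PermissionError as exc:
        return "denied", str(exc)


if __name__ == "__main__":
    home, partner, crm = build_federation()
    home_token = home.authenticate("alice", "correct horse battery", audience="broker-b.example")
    partner_token = partner.exchange(home_token, "crm.partner.example")
    print("federated access:", attempt(crm.handle, partner_token))
    print("home token presented directly to the service:", attempt(crm.handle, home_token))
```

The three checks in `verify` carry the pattern's security weight: the service refuses any issuer but its own broker, so the home token is useless at the service itself; the audience check means a token issued for the partner broker cannot be redirected at a service, and one issued for a service cannot be fed back into the exchange; and the partner broker refuses tokens from any broker it has not explicitly been configured to trust.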