This gave administrators
a single system to manage, yet users were able to access
the resources they needed, without the need to duplicate their
identities across the many systems. As the Internet grew, users
found themselves needing to access resources outside the control
of the domain they were in, and as a result, they are creating
accounts on many different systems.
Identity federation is the response to the challenge of managing
identities across domains, companies, and networks. Users of
one domain can be granted access to resources in another domain,
without duplicating accounts across systems.
Active Directory Federation Services (ADFS) solves this: it enables
enterprises to use Active Directory and federate identities
from one domain to another across the Internet. With ADFS, the
domains negotiate the details and set up their systems to share
negotiated identity information.
Uncovering the Rationale for Becoming an Identity Provider
328 Identity Providers
Microsoft Passport was another attempt to assist organizations in
sharing identities but really only tried to federate one way:
Passport expected RPs to use its identities, but there was no
facility to have Passport accept identities from other parties.