Federated identity management and Web services are uniquely intertwined and mutually reliant, and together they are poised to finally solve a long-running problem in both IT and systems security. From e-business transactions over the Internet to logins for the employee HR portal, uniform access control and robust management tools are required to securely enable connectivity for customers, partners and employees. Yet user databases and access policies are often fragmented, requiring multiple logins for users and repetitive tasks for systems administrators.
The traditional approach to solving this problem has been Single Sign-On (SSO): the centralization of access control information into one server, which requires special plugins (e.g., "Web agents" for Web servers) to retrieve the information. Every application needs to be "SSO enabled" by programming to a proprietary API that differs for each competing vendor. The coding task usually falls to the IT organization. Overall, this technology has not been as successful as originally hoped, with many SSO implementations either behind schedule or experiencing scalability challenges.
Traditional SSO is impractical for extranets or Web services because partners may not agree on a single SSO vendor, and it is not possible to have a unified database. Such a database might, for example, have to include up-to-date information on both companies' employees, a task hampered not only by practical considerations but also by privacy and business ones.