• Federation

  • The move toward federation – interoperability between separate, independent organizations – is part of a larger trend toward Web-based business processes. Federated identity allows users to benefit from the trust between business partners, and is reaching critical mass among many large portal operators. With federated identity, business process integration becomes faster, cheaper, and simpler.

    For companies who want to integrate third-party or outsourced applications into their portals, a federated identity server that provides single sign-on to applications in external organizations is required.

    Portal users do not need to remember IDs and passwords for applications at partner sites, resulting in a better experience and increased security.

    Portal administrators are not required to maintain copies of user data at each partner site, decreasing replication cost and increasing compliance with privacy regulations.

  • Use Case: Integration with Social Services

    Business Requirement: Integrate with Facebook and Google accounts to minimize on-boarding processes for new customers. The cost of maintaining passwords and digital identities on premises required a dedicated team and added liabilities.

    Solution: Otecia has configured the Identity and Access solution installed at the client side to integrate with social media providers using OAuth. Our consulting team enhanced the authentication flow with add-on login against third-party social identity providers such as Google and Facebook.

    Benefits:

    • External users are no longer required to register new account information, reducing the burden of remembering yet another set of credentials for the client's services.
    • The new integration with social identity providers resulted in significant cost savings for the client by minimizing external users' account life-cycle and password management. As a result, the client's security liability has been minimized.
  • OAuth

    OAuth is an open standard for authorization, commonly used as a way for Internet users to log in to third-party websites using their accounts at Google, Facebook, Microsoft, Twitter, etc., without exposing their password. Generally, OAuth provides clients "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with HTTP, OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.
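    As an added illustration of the delegation described above (example code, not Otecia's product or any real OAuth library), the sketch below models the three roles in Python. The client id, client secret, scope names and user data are hypothetical; the point shown is that the resource owner's password never leaves the authorization server, the code is single-use and bound to one client, and the resource server grants access on a scoped, expiring token alone.

```python
import hmac
import secrets
import time

# Constructed stand-ins for the roles named in the text; the client id,
# secret, scope names and user data are hypothetical.
CLIENTS = {"portal-client": "s3cret-example"}         # client_id -> client_secret
PROFILES = {"alice": {"email": "alice@example.com"}}  # data the resource server guards


class AuthorizationServer:
    def __init__(self):
        self.codes = {}   # authorization code -> (client_id, owner, scope), single use
        self.tokens = {}  # access token -> (owner, scope, expiry)

    def authorize(self, owner, client_id, scope, approved):
        # The resource owner authenticates here and approves (or refuses) the
        # client's request; the client gets only an opaque code, never the password.
        if not approved or client_id not in CLIENTS:
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, owner, scope)
        return code

    def exchange(self, client_id, client_secret, code):
        # The code is popped so a replay fails, and only the client it was
        # issued to, authenticated with its secret, may redeem it.
        entry = self.codes.pop(code, None)
        if entry is None or client_id not in CLIENTS or not hmac.compare_digest(
                CLIENTS[client_id], client_secret):
            return None
        bound_client, owner, scope = entry
        if bound_client != client_id:
            return None
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (owner, scope, time.time() + 300)  # 5-minute lifetime
        return token

    def introspect(self, token):
        # Lets the resource server check that a presented token is live and what it covers.
        entry = self.tokens.get(token)
        if entry is None or entry[2] < time.time():
            return None
        return {"owner": entry[0], "scope": entry[1]}


def read_profile(auth_server, token):
    # Resource server: grants access on the token alone, limited to the approved scope.
    info = auth_server.introspect(token)
    if info is None or "profile:read" not in info["scope"]:
        return None
    return PROFILES.get(info["owner"])
```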


  • Use Case: Federated SSO based on User Attributes

    A university allows its students to access transcript services outsourced to an external service provider (SP).

    A recently graduated student authenticates at the university alumni portal and clicks a link to access transcript services hosted by the SP. As an alumnus of the university, the user is taken directly to the Transcript Services portion of the SP website without having to log in.

    A current student at the university authenticates and clicks a link pointing to the SP website. The student is taken directly to the Outsourced Student Services portion of the SP website for the university the student is affiliated with. The student does not have to log in to the SP website.

  • Security Assertion Markup Language 2.0 (SAML 2.0)

    Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, that is, an identity provider, and a SAML consumer, that is, a service provider. SAML 2.0 enables web-based authentication and authorization scenarios including