Identity Federation in Web Services

Securely exchange identity across domains

Web services represent a powerful vehicle for reusing application logic across diverse business processes. These processes often need to traverse multiple security domains with independent preferences, capabilities and requirements. Consequently, serious communication, propagation and processing problems can arise as each domain attempts to share Web services.

These “federation” problems complicate the implementation of Web services. This white paper outlines the features of a solution able to facilitate effective use of Web services by allowing services to bridge application identities across security domains. The document also outlines why an identity federation solution for Web services must be:

• Able to maintain strict localized access control
• Standards-based and flexible
• Deployable without significant coding or integration
• Simple, effective and secure