The Venn of Identity: Options and Issues in Federated Identity Management
March/April 2008 (vol. 6 no. 2)
pp. 16-23
Eve Maler, Sun Microsystems
Drummond Reed, Cordance Corporation
Digital identities can be associated with everything from people to software applications to entire companies, but human digital identities prove the most interesting and challenging. Human digital identities can simplify network usage and enable new classes of applications, but they also introduce security and privacy risks. Federated identity management addresses scenarios in both enterprise and consumer contexts by defining how to dynamically distribute identity information and delegate identity tasks across security domains. This article explains federated identity's components, discusses security and privacy risks and architectural challenges, surveys the SAML, OpenID, and InfoCard protocols, and reviews new developments in federated identity management.

Index Terms:
digital identity, federated identity management, access control, security and privacy, user authentication, distributed identity management, SAML, OpenID, InfoCard, Cardspace
Eve Maler, Drummond Reed, "The Venn of Identity: Options and Issues in Federated Identity Management," IEEE Security & Privacy, vol. 6, no. 2, pp. 16-23, March-April 2008, doi:10.1109/MSP.2008.50