Federated digital identity can deliver several compelling benefits to organizations. Let's return to the example with which I started the chapter. TIAA-CREF provides 401K benefit management to BYU employees and thousands of other organizations. As we've seen, when I log into the BYU intranet, I gain access only to resources within the BYU firewall. Because BYU and TIAA-CREF do not federate their identity infrastructures, I have to log into the TIAA-CREF site whenever I follow the link from Route Y to TIAA-CREF.
Even if it were practical, TIAA-CREF has no desire to put its proprietary information or user databases inside each of the organizations they serve, and those organizations don't want to turn over their internal user information to an outside vendor. The solution is to federate the identity systems. In that scenario, when I followed the link to the TIAA-CREF page, BYU and TIAA-CREF would automatically and securely exchange identity information. My verified BYU identity would be matched with my customer record at TIAA-CREF, thereby providing direct access without a separate login.
This example suggests how federation takes the benefits of single sign-on and extends them beyond an organization's boundaries. However, there is more to federation than extending single sign-on. Federation respects the distributed, heterogeneous architecture of the current IT environment. As we've seen, efforts to implement unique, all-encompassing identifiers inevitably fail as requirements and relationships change. By contrast, federated identity enables controlled linkages among the distributed identities of a user and allows for efficient management of digital identity in a radically distributed world. As organizations integrate more pervasively with trading partners and outsourcers, federated identity provides a flexible mechanism to authenticate users from partner organizations and provide them with seamless access to protected online resources.
Federated identity systems can address the integration needs that drive centralized identity efforts, without the associated inefficiencies and costs. Some requirements, such as basic operational standards, certification and auditing, security, fraud prevention, and privacy protection, are common across any digital identity system. A federated system provides an umbrella of common policies and mechanisms across disparate local identity systems.