Identity provider

From Wiki @ Karl Jones dot com

An Identity Provider (IdP), also known as Identity Assertion Provider, is responsible for:

  • Providing identifiers for users looking to interact with a system
  • Asserting to such a system that such an identifier presented by a user is known to the provider
  • Possibly providing other information about the user that is known to the provider.

Description

These goals may be achieved via an authentication module that verifies a security token; the token is accepted in place of repeatedly and explicitly authenticating the user within a security realm.

An example of this is a website that allows users to log in with Facebook credentials, with Facebook acting as the identity provider. Facebook verifies that the user is an authorized user and returns information to the website, e.g. username and email address (the specific details vary).

Similarly, if a site allows login with Google or Twitter credentials then Google and Twitter act as identity providers.

In perimeter authentication, a user needs to be authenticated only once (single sign-on).

The user obtains a security token which is then validated by an Identity Assertion Provider for each system that the user needs to access.
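The flow described above, as an added example that is not part of this wiki page: an identity provider issues one signed assertion after authenticating the user, and each system the user accesses validates it (signature, issuer, audience, expiry) instead of authenticating the user again. The HMAC shared key, the issuer name and the claim names are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample key shared by the IdP and the relying systems (assumption;
# real deployments typically use an asymmetric key so only the IdP can sign).
IDP_KEY = b"constructed-shared-secret"
IDP_NAME = "idp.example"  # hypothetical issuer name


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(user_id: str, audiences: list, ttl: int = 300, now=None) -> str:
    """IdP side: after authenticating the user once, assert the identity in a
    signed token valid for every system listed in `audiences`."""
    now = int(time.time()) if now is None else now
    claims = {"iss": IDP_NAME, "sub": user_id, "aud": audiences,
              "exp": now + ttl, "email": f"{user_id}@example.test"}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def validate_token(token: str, expected_audience: str, now=None):
    """Relying-system side: accept the assertion instead of re-authenticating.
    Returns the claims, or None if the token must be rejected."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return None                       # malformed
    expected = _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None                       # forged or tampered
    claims = json.loads(_unb64(body))
    if claims.get("iss") != IDP_NAME:
        return None                       # not minted by our IdP
    if expected_audience not in claims.get("aud", []):
        return None                       # not intended for this system
    if claims.get("exp", 0) <= now:
        return None                       # stale assertion
    return claims
```

Each relying system runs only `validate_token`; the user's password is never presented to it, which is what makes the single sign-on possible.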

Some Identity Assertion Providers support several security token types, including:

See also

External links