Fig 29: Federated identity - Your Access to Partner Applications
It is important not to confuse a locally-provisioned user with an internal
(B2E) user. A locally-provisioned user could be a B2E, B2B or B2C user, but
you are responsible for provisioning them in your organisation's user
repository. Users who are not provisioned locally are those for whom your
partner organisation is responsible. Your partner organisation will vouch for
the identity, roles and other attributes of these users. You know nothing
about them because they are not found in your user repository. You take all
these attributes on trust, because you have the mechanism to verify that it is
indeed your trusted partner organisation that is making those assertions.
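
The distinction above, as an added example that is not code from the original text or from Shibboleth: a locally-provisioned user is looked up in your own repository, while a partner's user is accepted only after checking that the assertion really came from a trusted partner. All names, URLs and keys are constructed assumptions, and HMAC stands in for the XML signatures that Shibboleth actually verifies.

```python
import hashlib
import hmac
import json

# Constructed sample data (assumptions, not from the original text).
LOCAL_USERS = {  # users you provision yourself, whatever their category
    "alice": {"category": "B2E", "roles": ["staff"]},
    "acme-buyer": {"category": "B2B", "roles": ["purchaser"]},
}
# Partners you trust, with the key used to check their assertions. HMAC is a
# stand-in: Shibboleth verifies XML signatures against the partner's certificate.
TRUSTED_PARTNERS = {"https://idp.partner.example": b"constructed-demo-key"}


def make_assertion(issuer, key, subject, attributes):
    """Partner side: vouch for a user by signing subject and attributes."""
    payload = json.dumps(
        {"issuer": issuer, "subject": subject, "attributes": attributes},
        sort_keys=True,
    ).encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"issuer": issuer, "payload": payload, "sig": sig}


def local_identity(username):
    """Locally-provisioned user: attributes come from your own repository."""
    if username not in LOCAL_USERS:
        raise PermissionError("not provisioned locally")
    return {"source": "local", "subject": username, **LOCAL_USERS[username]}


def federated_identity(assertion):
    """Partner-provisioned user: accept attributes only after proving origin."""
    key = TRUSTED_PARTNERS.get(assertion["issuer"])
    if key is None:
        raise PermissionError("issuer is not a trusted partner")
    expected = hmac.new(key, assertion["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        raise PermissionError("assertion was not made by the claimed partner")
    claims = json.loads(assertion["payload"])
    if claims["issuer"] != assertion["issuer"]:
        raise PermissionError("issuer mismatch inside assertion")
    # No lookup in LOCAL_USERS: everything here is taken on the partner's word.
    return {"source": "federated", "subject": claims["subject"],
            **claims["attributes"]}
```
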
That should give you a good picture of federated identity and how
Shibboleth works. There's a bit of work involved in setting it all up, but
hopefully you will see that it's conceptually quite simple. The challenge is to
resist the pulls of expediency and to implement a clean design.