OpenAthens is an identity and access management service, supplied by Jisc, a British not-for-profit information technology services company. Identity provider (IdP) organisations can keep usernames in the cloud, locally or both. Integration with ADFS, LDAP or SAML is supported. [1]
OpenAthens for Publishers [2] software for service providers supports multiple platforms and federations.
Technically, the service provides deep packet inspection proxying (in a similar manner to EZproxy) and SAML-based federation, [3] as well as various on-boarding services for institutions, consortia and vendors.
With its origins in a University of Bath initiative to reduce IT procurement costs for itself and other universities, the Athens project was conceived in 1996. Spun off from Bath University through the vehicle of charitable status, Eduserv was established as a not-for-profit organisation in 1999. [4]
The service was originally named Athena after the Greek goddess of knowledge and learning; it is rumoured that the name change was partially caused by a common typo, but it was actually due to the name Athena being already trademarked (EU000204735). [5] It launched as 'Athens' in 1997 (UK00002153200). [6] After JISC decided to support Shibboleth rather than Athens in 2008, Eduserv launched a federated version of Athens as 'OpenAthens' [7] (EU013713821). [8]
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
Identity and access management (IAM), sometimes also referred to as just identity management (IdM), is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IAM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems identify, authenticate, and control access not only for the individuals who will be utilizing IT resources but also for the hardware and applications employees need to access.
The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.
Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:
A patent office is a governmental or intergovernmental organization which controls the issue of patents. In other words, "patent offices are government bodies that may grant a patent or reject the patent application based on whether the application fulfils the requirements for patentability."
The Intellectual Property Office of the United Kingdom is, since 2 April 2007, the operating name of The Patent Office. It is the official government body responsible for intellectual property rights in the UK and is an executive agency of the Department for Science, Innovation and Technology (DSIT).
A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.
Jisc is a United Kingdom not-for-profit organisation that provides network and IT services and digital resources in support of further and higher education and research, as well as the public sector. Its head office is based in Bristol with offices in London, Manchester, and Oxford. Its current CEO is Heidi Fraser-Krauss, who joined in September 2021 from the University of Sheffield.
Windows CardSpace is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.
Web Single Sign-On Metadata Exchange Protocol is a Web Services and federated identity specification, published by Microsoft and Sun Microsystems, that defines mechanisms for a service to query an identity provider for metadata concerning the protocol suites it supports. The goal of this operation is to increase the ability of a given service to interoperate with a given identity provider.
Active Directory Federation Services (ADFS), a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access-control authorization model to maintain application security and to implement federated identity. Claims-based authentication involves authenticating a user based on a set of claims about that user's identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. ADFS is part of the Active Directory Services. Microsoft advises using Entra ID and Azure AD Connect in place of ADFS in most cases.
The Wave Federation Protocol is an open protocol, an extension of the Extensible Messaging and Presence Protocol (XMPP), that is used in Apache Wave. It is designed for near real-time communication between the computer-supported cooperative work wave servers.
Identity assurance in the context of federated identity management is the ability for a party to determine, with some level of certainty, that an electronic credential representing an entity with which it interacts to effect a transaction, can be trusted to actually belong to the entity.
An identity provider is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. Identity providers offer user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be federated, that is, it consumes federated identity.
Security Assertion Markup Language (SAML) is a set of specifications that encompasses the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorization scenarios. This article has a focus on software and services in the category of identity management infrastructure, which enable building Web-SSO solutions using the SAML protocol in an interoperable fashion. Software and services that are only SAML-enabled do not go here.
The Open Identity Exchange (OIX) is a non-profit organisation that works to accelerate the adoption of digital identity services based on open standards. It is technology-agnostic and operates collaboratively across both the private and public sectors.
GOV.UK Verify was an identity assurance system developed by the British Government Digital Service (GDS) which was in operation between May 2016 and April 2023. The system was intended to provide a single trusted login across all British government digital services, verifying the user's identity in 15 minutes. It allowed users to choose one of several companies to verify their identity to a standard level of assurance before accessing 22 central government online services.
The SAML metadata standard belongs to the family of XML-based standards known as the Security Assertion Markup Language (SAML) published by OASIS in 2005. A SAML metadata document describes a SAML deployment such as a SAML identity provider or a SAML service provider. Deployments share metadata to establish a baseline of trust and interoperability.
Authentication and authorization infrastructure (AAI) refers to a service and a procedure that enables members of different institutions to access protected information that is distributed on different web servers.