Trust federation

Last updated

Trust federations are part of the evolving Identity Metasystem that will bring a new layer of persistent identity and trusted data sharing to the Internet. Although the concept of trust federations is technology neutral, several protocols like SAML, OpenID, Information Card, XDI can handle the challenges of technical interoperability. The challenge of business and social interoperability requires a new type of cooperative association similar to a credit card association. Instead of banks, however, a trust federation is an alliance of i-brokers and their customers who agree to abide by a common set of agreements in the care and handling of customer data. A model for trust federations is offered by Open Identity Exchange and Kantara Initiative, which is applied in the U.S. Government ICAM Trust Framework.


Some operational trust federations [1] are:

Trust federations are not limited to the social web use case, but apply to all federations where trust in identity and compliance to other objectives of information security such as confidentiality, integrity and privacy is brokered.

See also

Related Research Articles

Interoperability is a characteristic of a product or system to work with other products or systems. While the term was initially defined for information technology or systems engineering services to allow for information exchange, a broader definition takes into account social, political, and organizational factors that impact system-to-system performance.

The Organization for the Advancement of Structured Information Standards is a nonprofit consortium that works on the development, convergence, and adoption of open standards for cybersecurity, blockchain, Internet of things (IoT), emergency management, cloud computing, legal data exchange, energy, content technologies, and other areas.

Liberty Alliance

The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.

XDI is a semantic data interchange format and protocol under development by the OASIS XDI Technical Committee. The name comes from the addressable graph model XDI uses: every node in the XDI graph is its own RDF graph that is uniquely addressable.

i-numbers are a type of Internet identifier designed to solve the problem of how any web resource can have a persistent identity that never changes even when the web resource moves or changes its human-friendly name. For example, if a web page has an i-number, and links to that page use the i-number, then those links will not break even if the page is renamed, the website containing the page is completely reorganized, or the page is moved to another website.

I-names are one form of an XRI — an OASIS open standard for digital identifiers designed for sharing resources and data across domains and applications. I-names are human readable XRIs intended to be as easy as possible for people to remember and use. For example, a personal i-name could be =Mary or =Mary.Jones. An organizational i-name could be @Acme or @Acme.Corporation.

A link contract is an approach to data control in a distributed data sharing network. Link contracts are a key feature of the XDI specifications under development at OASIS.

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

A digital identity is information on an entity used by computer systems to represent an external agent. That agent may be a person, organization, application, or device. ISO/IEC 24760-1 defines identity as "set of attributes related to an entity".

OpenID Open and decentralized authentication protocol standard

OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by cooperating sites using a third-party identity provider (IDP) service, eliminating the need for webmasters to provide their own ad hoc login systems, and allowing users to log in to multiple unrelated websites without having to have a separate identity and password for each. Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign on to any website that accepts OpenID authentication. Several large organizations either issue or accept OpenIDs on their websites.


Yadis is a communications protocol for discovery of services such as OpenID, OAuth, and XDI connected to a Yadis ID. While intended to discover digital identity services, Yadis is not restricted to those. Other services can easily be included.

Windows CardSpace Discontinued identity selector app by Microsoft

Windows CardSpace is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.

Information card

Information cards are personal digital identities that people can use online, and the key component of an identity metasystem. Visually, each i-card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select one they want to use for any given interaction. The information card metaphor is implemented by identity selectors like Windows CardSpace, DigitalMe or Higgins Identity Selector.

The Emergency Data Exchange Language (EDXL) is a suite of XML-based messaging standards that facilitate emergency information sharing between government entities and the full range of emergency-related organizations. EDXL standardizes messaging formats for communications between these parties. EDXL was developed as a royalty-free standard by the OASIS International Open Standards Consortium.

Identity assurance in the context of federated identity management is the ability for a party to determine, with some level of certainty, that an electronic credential representing an entity with which it interacts to effect a transaction, can be trusted to actually belong to the entity.

An Extensible Resource Identifier is a scheme and resolution protocol for abstract identifiers compatible with Uniform Resource Identifiers and Internationalized Resource Identifiers, developed by the XRI Technical Committee at OASIS. The goal of XRI was a standard syntax and discovery format for abstract, structured identifiers that are domain-, location-, application-, and transport-independent, so they can be shared across any number of domains, directories, and interaction protocols.

Security Assertion Markup Language (SAML) is a set of specifications that encompasses the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorization scenarios. This article has a focus on software and services in the category of identity management infrastructure, which enable building Web-SSO solutions using the SAML protocol in an interoperable fashion. Software and services that are only SAML-enabled do not go here.

Kantara Initiative

Kantara Initiative, Inc. is a 'commons' ethos and ethics operated 501 c(6) non-profit industry professional trade association that works to develop standards for identity and personal data management. It focuses on improving trustworthy use of identity and personal data in the area of digital identity management and data privacy.

The Open Identity Exchange (OIX) is a membership organisation that works to accelerate the adoption of digital identity services based on open standards. It is a non-profit organisation and is technology agnostic. It is collaborative, and works across the private and public sectors.


  1. "Kantara Initiative: Implemented Trust Frameworks".