Understanding 'Authentication' and 'Identity Federation'
Naohiro Fujie
MVP for Enterprise Mobility
Confusion…
• Identity = Authentication??
• Authentication = Single Sign On??
• Federation??
What is 'Identity' – Johari Window
• We want to recognize the existence of an 'Entity' such as a person, a computer, or another physical thing.
• But we cannot recognize an 'Entity' directly, since the 'Entity' is different from ourselves.
• Also, we cannot recognize every part of our own 'Entity'.
Source: Wikipedia
https://en.wikipedia.org/wiki/Johari_window
Recognize 'Entity' through 'Identity'
• 'Identity' is not only an 'Identifier' but a set of attributes.
• An identifier is one attribute, or a set of attributes, of the entity that separates it from other entities.
• Ex) If there is no other 'Fujie-san' around here, the surname can be used as an identifier, but at my home we cannot use the surname as an identifier.
• We recognize an 'Entity' through recognizing its attributes.
(Diagram: Identity = a set of attributes such as Name, Company, Hair Style, Height, Loves Heavy Metal, pointing to the Entity to recognize)
Identity related keywords
• Authentication
  • To check whether an entity is valid or not.
• Federation
  • To federate (pass) identity related information to other entities.
  • By federating the AuthN result attribute to another entity (system), the user can Single Sign On between the entities.
(Diagram: User - the entity to be verified; attributes of the user: Name, Company, Password. Computer system A - the entity which needs to validate an entity. Computer system B - federates with system A; attribute of the user known to B: Name.)
Authentication (major protocols are RADIUS, Kerberos, OpenID):
1. Name/Password: the user presents credentials to computer system A
2. Verify: system A checks the credentials
3. Generate: system A generates the AuthN result
4. Access: the user accesses system A
Federation (major protocols are SAML, OpenID Connect):
5. Federate AuthN result: system A passes the AuthN result to computer system B
6. SSO: the user is signed on to system B without authenticating again
Role of Identity & Access Management
(Diagram: Identity Management System --Trust--> Authentication System --Trust/Federation--> Applications. The Identity Management System provides credentials to the Authentication System and provides common attributes to the Applications; the Authentication System provides the AuthN result to the Applications; app admins add app-specific attributes.)
Identity Management System's role
- Provide trustworthy identities to other systems.
How?
ex) by importing data from HR
Authentication System's role
- Verify the validity of the user.
How?
ex) Password + SMS notification
Application's role
- Authorize the user's access.
How?
ex) Change the user's role according to the department and title attributes of the user
Trust means…
- Externalize and delegate a feature to another system, and trust the response from that system.
Note)
Users can SSO across apps if these apps trust the same authN system.
Federation is based on inter-system 'Trust'
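As an added example (not code from the slides), the six-step flow of the 'Identity related keywords' slide and the three roles of the 'Role of Identity & Access Management' slide in Python: the identity management system provisions a user from a constructed HR export, system A verifies the password and generates a signed AuthN result, and system B trusts that result instead of re-checking the password, then authorizes by the department and title attributes. The shared HMAC key, the HR record and the password are constructed assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed HR export: the identity management system imports these records
# and provisions common attributes plus a credential for each user.
HR_EXPORT = [{"name": "fujie", "company": "ExampleCo", "department": "IT", "title": "Manager"}]
# Assumed shared secret: system B trusts AuthN results signed with this key.
AUTHN_KEY = b"constructed-demo-key"

def password_hash(password, salt=b"demo-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000).hex()

# Identity management role: provide trustworthy identities (constructed initial password).
DIRECTORY = {u["name"]: dict(u, pw=password_hash("correct horse")) for u in HR_EXPORT}

def authenticate(name, password, now=None):
    """System A, steps 1-3: verify name/password, then generate a signed AuthN result."""
    user = DIRECTORY.get(name)
    if user is None or not hmac.compare_digest(user["pw"], password_hash(password)):
        return None  # step 2 fails: no AuthN result is issued
    claims = {"iss": "systemA", "sub": name, "department": user["department"],
              "title": user["title"], "exp": (now or time.time()) + 300}
    body = json.dumps(claims, sort_keys=True)
    sig = hmac.new(AUTHN_KEY, body.encode(), "sha256").hexdigest()
    return body + "." + sig  # step 3: the AuthN result the user carries to system B

def federate(assertion, trusted_issuer="systemA", now=None):
    """System B, steps 5-6: accept the AuthN result on trust instead of re-checking the password."""
    body, _, sig = assertion.rpartition(".")  # the hex signature itself contains no '.'
    expected = hmac.new(AUTHN_KEY, body.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None  # tampered or forged result: trust is not extended
    claims = json.loads(body)
    if claims["iss"] != trusted_issuer or claims["exp"] < (now or time.time()):
        return None  # issued by a system B does not trust, or expired
    return claims  # SSO: B now knows the user's federated attributes

def authorize(claims):
    """Application role: derive the app role from the federated department and title attributes."""
    if claims["department"] == "IT" and claims["title"] == "Manager":
        return "admin"
    return "user"
```

System B never sees the password: it only checks the signature, the issuer it trusts and the expiry, which is exactly the inter-system trust the last slide describes.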