Federated Link: An Ultimate Guide

Jaylin Khan

A federated link, or federated identity, allows users to access multiple applications and domains with a single set of credentials.

On the surface this sounds like a very convenient and user-friendly system, and to a great extent it is. But it has some serious downsides too.

In this Innocams blog post, let’s discuss this interesting system and find out its pros and cons.

A federated identity system links a user’s credentials, like username and password, to multiple identity management systems.

As a result, the user can access different applications or resources with a single identity, such as one username-password combination. He doesn’t need to log in to each application separately.

How Federated Identity Works

A federated link or identity system utilises several IT technologies. Here is a breakdown.

The Summary of What Happens

Federated identity, which is also known as federated identity management (FIM), works on the basis of a trust relationship between an identity provider (IdP) and a service provider (SP).

The IdP creates and manages the user’s credentials, and the IdP and SP agree on an authentication method. Many SPs can participate in a federated identity pact with a single identity provider.

In such a case the IdP has a trust relationship with all those SPs.

The IdP stores a user’s credentials in its database. When a user tries to access an SP, he doesn’t have to provide his credentials to it: the IdP checks and authenticates his digital identity against its database and sends the SP the user information. The SP then gives the user access to its resources.

For example, you can access your Facebook account using your Google Account. This is a fine example of the federated link system. Here Google is the identity provider and Facebook is the service provider.

A Deep Dive into Technology

The FIM system takes advantage of several data transfer protocols. I will give you a brief description of them now.

1. Extensible Markup Language (XML): It is a markup language used to store data and share it with other platforms, websites or resources.

2. Security Assertion Markup Language (SAML): This is an XML-based markup language used to exchange authentication and authorisation data between parties, for example between an IdP and an SP.

3. Open Authentication (OAuth): In a federated link system, OAuth is a data transfer framework where a user grants a third party access to his data on a website without revealing his password.

Putting It All Together

Suppose you’re logging into your Facebook account using your Google credentials (username-password combo). This is what happens:

  • Facebook asks Google to confirm you are who you claim to be.
  • Google checks its database and realises it is you.
  • Google tells Facebook (in an XML structure that follows the SAML protocol) that yes, you are who you claim to be, and sends Facebook some ‘tokens’.
  • Google and Facebook have a previous trust relationship.
  • Facebook trusts Google and gives you access to your data on Facebook with your Google credentials.
  • Through OAuth, you have permitted access to your data, not your password.
  • This total process is authentication and authorisation.
  • Google will never share your password with Facebook.
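
The checks an SP makes before it trusts what the IdP tells it, as an added example that is not part of the original post. It is simplified: an HMAC over a JSON body stands in for the XML signature a SAML IdP makes with its private key, and the names idp.example, sp.example, idp_issue and sp_verify are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Assumption: one key per trusted IdP, agreed when the trust relationship was
# set up. Real SAML deployments verify an XML signature with the IdP's public key.
TRUSTED_IDPS = {"https://idp.example": b"constructed-demo-key"}
SP_ENTITY_ID = "https://sp.example"  # hypothetical name of this SP


def idp_issue(issuer, key, subject, audience, now=None, ttl=300):
    """IdP side: sign a statement about the user. No password is included."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def sp_verify(token, now=None):
    """SP side: return the user id, or raise ValueError naming the failed check."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        raise ValueError("malformed assertion") from None
    # The issuer is read before verification only to pick a key from the allowlist.
    issuer = claims.get("iss") if isinstance(claims, dict) else None
    key = TRUSTED_IDPS.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        raise ValueError("issuer is not a trusted IdP")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise ValueError("bad signature")
    if claims.get("aud") != SP_ENTITY_ID:
        raise ValueError("assertion was issued for a different SP")
    if not claims.get("iat", now + 1) <= now < claims.get("exp", 0):
        raise ValueError("assertion expired or not yet valid")
    return claims["sub"]
```

An SP that skips the audience or expiry check will accept a token the IdP issued for another site, or one captured earlier and replayed.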

Federated link, which is often identified with federated identity, yields several benefits for users, IdPs and SPs.

Benefits for Users

  1. A user can access multiple applications and resources using one set of credentials (username and password). This greatly improves the user experience, as he doesn’t have to remember many usernames and passwords.
  2. Single-credential access to multiple resources saves a lot of time and energy, which users can spend on other, more productive work.
  3. In federated link systems or federated identity management, users don’t need to remember lots of passwords. This reduces the risk of forgetting passwords and having to create a lot of new ones.

Benefits for IdP

  • IdPs can implement strong security strategies, like multi-factor authentication, to protect user data and credentials.
  • FIM allows IdPs to keep user data and credentials in a single location, which reduces cost and simplifies operations.
  • By providing this FIM service, IdPs can greatly improve their user experience, leading to more user loyalty and engagement.

Benefits for SP

Reduced workload: Since the IdP authenticates user credentials, the SP doesn’t have to carry the burden of managing user credentials.

Enhanced Security: By trusting the IdP for user authentication, the SP can enhance its own security strength.

Better User Experience: By allowing users to access its data through a third party, the SP can greatly enhance its user experience and engagement.

Reduced Cost: By leaving the authentication part to the IdP, the SP can reduce its IT cost of identity management.

The federated link or federated identity management system has great advantages, as we’ve just seen.

However, it has its share of disadvantages too. I’ll discuss them now to make this guide complete.

It Is a Complex System

The FIM system is complex to set up and manage. Here is a breakdown:

  • Different systems use different protocols. Integrating them all into an all-encompassing system can be challenging.
  • Establishing trust and maintaining it between different organisations, especially those that are not natural bedfellows, is time-consuming and somewhat dubious.
  • Websites change their policies frequently. Integrating all policies of different organisations into a consistent federated system can be difficult.

Reliance on Third Parties

A federated link or identity system relies on third-party efficiency. If there is any system chaos or data breach in the IdP, users may lose access to their data on many platforms and resources at the same time.

Possibilities of Disruption

If an IdP suddenly changes its privacy policy or goes out of business, the companies and individuals who depend on it will face tough challenges. For businesses, this can cause serious trouble like total disruption of operations.

Unwanted Data Tracking

Third-party IdPs can track the data and activities of users on different websites, and this may mean a disturbing infringement on the user’s privacy.

Conclusion

Federated link or federated identity is a useful system that allows users to access their data from a single entry point. This means they can access many websites, platforms and other online resources through a single set of credentials.

There are several benefits of this system.

For users, it brings the convenience of not having to remember lots of usernames and passwords for different websites.

For IdPs and SPs, this system helps them improve their security, simplify user data management and reduce the cost related to user data management.

However, this system has some demerits too. For instance, if something bad happens to an IdP, all users it serves will lose access to multiple resources simultaneously. There is also an issue of privacy, as IdPs can track users’ behaviour across multiple platforms and sites.

Frequently Asked Questions

What is a federated link?

A federated link or a federated identity is a system where users can access many websites using a single username and password.

If I access Facebook with Google credentials, will Facebook know my Google password?

No. Google will use a special technique to authenticate you. It will not reveal your password to Facebook.

Is accessing different sites with a single ID safe?

More or less, if you use a reputable and responsible IdP like Google. 

Isn’t there any risk in this federated link system?

Yes, there are some risks. I’ve discussed them in detail in this blog post.
