Open Access, Journal Article

A Single Sign-On for All Supply Chain Members? Its Time May Be Coming, Now That Federated Identity Is Here

Bill Orr
01 Sep 2005, Vol. 97, Iss: 9, pp 82
TLDR
This article describes the federated identity management framework proposed by the Liberty Alliance, in which user identities are distributed among a circle of trust (a "band of brothers" who know and trust each other) and service providers can identify each of their users by an arbitrary pseudonym.
Abstract
The current identity crisis has the potential to afflict all "netizens." Identity theft can lead to identity fraud and financial losses, not to mention endless hassles about whether you--when requesting a new credit card online, or engaging in e-commerce--are really you or a fraudster simply out to spend money in your name. For business managers looking to web services for efficiencies in managing supply chains or linking employees to outsourced pension plans, the stakes in identity management are even higher.

Given that, technology gurus have been brewing a new approach to authenticating online identities for use in B2B. It's called federated identity management. In brief, that means distributing user identities among a circle of trust--a "band of brothers" who know and trust each other. The circle of trust could be an enterprise headquarters and employees on the road or at "away" locations. It could be an extranet linking an enterprise with its suppliers and customers. It could be a bank linking its customers to its deposit account, its credit card issuer, and its 401(k) manager. It could be a circle of no more than a dozen. Or a cast of thousands, as it is with General Motors--or with France Telecom's 50 million cellphone users.

Liberty Alliance was not the first to offer federated identity. Nor does it have the most products at work in the most installations today, although General Motors and France Telecom are two of them. However, Liberty is interesting for several reasons. It's an alliance of (now) more than 150 end-user companies, government organizations, system integrators, and software and hardware vendors around the world. It provides an open-source, standards-based software platform that allows entities within circles of trust to interact with one another using a single signon--and signoff. Circles of trust are spontaneously organized as supply chains, affinity groups, intranets, extranets, or whatever makes business sense.

There is no central repository of user IDs and personal profiles. Each circle of trust is an autonomous network--a federation. Each organization keeps its own identity rules, along with its own identity software and its own security system, and, when Liberty-enabled, specifies what attributes from its user profiles it will allow other members of the circle to access. Liberty provides a standards-based platform for interoperating the various identity programs.

Each of Liberty's federated circles of trust is made up of a designated identity provider (IDP), usually the principal member, and service providers (SP) who together constitute, say, the supply chain. The IDP manages identities for the circle. An enterprise can play different roles--e.g., a computer parts supplier could be an IDP for its payroll outsource and an SP in a relationship with a large PC retailer. To foil would-be identity thieves and to protect individual privacy, the Liberty framework allows service providers to identify each of their users by an arbitrary pseudonym--e. …


Citations
Journal Article

A Framework for Enhancing Systems Security

TL;DR: This paper presents a framework for analyzing systems security in terms of three dimensions, namely, technology, process, and people, and advocates a systems development life cycle view of security.