|
An Identity Provider (IdP), also known as Identity Assertion Provider, is responsible for (a) providing identifiers for users looking to interact with a system, and (b) asserting to such a system that such an identifier presented by a user is known to the provider, and (c) possibly providing other information about the user that is known to the provider. This may be achieved via an authentication module which verifies a security token that can be accepted as an alternative to repeatedly explicitly authenticating a user within a security realm. An example of this could be where a website allows users to log in with Facebook credentials and Facebook acts as an identity provider. Facebook verifies that the user is an authorized user and returns information to the website - e.g. username and email address (specific details might vary). Similarly, if a site allows login with Google or Twitter credentials then Google and Twitter act as identity providers. In perimeter authentication, a user needs to be authenticated only once (single sign-on). The user obtains a security token which is then validated by an Identity Assertion Provider for each system that the user needs to access. Some Identity Assertion Providers support several security token types - such as SAML, SPNEGO, and X.509. ==Service provider vs. identity provider== "Provider" is a generic way of referring to both IdPs (Identity Providers) and SPs (Service Providers). There are overlaps when it comes to defining Identity providers vs. Service Providers. According to the OASIS organization that created SAML, an Identity provider is defined as "A kind of provider that creates, maintains, and manages identity information for principals and provides principal authentication to other service providers within a federation, such as with web browser profiles." 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「identity provider」の詳細全文を読む スポンサード リンク
|