Deb Radcliff's defining, informative and well thought out article on the current state and future of Federated Identity is a must read for all SOA, Networking and Security professionals. According to Deb (excerpts from article):
Federated identity, the process of authenticating someone across multiple IT systems and organizations, is taking on new meaning with the growth of cloud and mobile.
Synovus Bank, with 30 banks on the East Coast, didn't want to manage the identities of its approximately 100,000 commercial and 200,000 home-based customers. It also wanted its identity management to occur outside its firewall. So Synovus recently started using Crosscheck Network's Forum Sentry XML Gateway service between these users and their applications.
“Users and their sessions authenticate on the Forum structure, their SAML assertions are signed by Forum, and Forum also issues their secure tokens,” says Santosh Kokate, lead technical analyst with Synovus. “The beauty is I have online banking sitting safely behind the identity gateway and the identities and authentication are established there. I don't have to manage those identities or write a single line of code to make federation happen.”
Synovus also supports authentication for mobile users through REST (Representational State Transfer), which supports HTTPS-based assertions for when Kokate estimates are 8,000 mobile banking customers at this point (and more planned in the future). Because Synovus' intermediary, Crosscheck, supports these and other standards, Synovus can adapt to different types of identity federation requirements as needed.For complete article, click Federation 2.0: An Identity Ecosystem.