Identity provider
An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. Identity providers offer user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be federated, that is, it consumes federated identity. An identity provider is "a trusted provider that lets you use single sign-on (SSO) to access other websites." SSO enhances usability by reducing password fatigue. It also provides better security by decreasing the potential attack surface. Identity providers can facilitate connections between cloud computing resources and users, thus decreasing the need for users to re-authenticate when using mobile and roaming applications. [Ormuco Inc., "Method of and system for managing a federation of cloud computing resources", Google Patents CA2929825C, 13 November 2018, https://patents.google.com/patent/CA2929825C, accessed 7 June 2019]


Types of identity providers


IndieAuth identity provider

IndieAuth is an open standard decentralized authentication protocol that uses OAuth 2.0 and enables services to verify the identity of a user represented by a URL as well as to obtain an access token that can be used to access resources under the control of the user. In the IndieAuth model, a user's identity links to their preferred identity provider, which can be their own site, or delegated to a third party authorization endpoint.


OpenID provider

OpenID Connect (OIDC) is an identity layer on top of OAuth. In the domain model associated with OIDC, an identity provider is a special type of OAuth 2.0 authorization server. Specifically, a system entity called an OpenID Provider issues JSON-formatted identity tokens to OIDC relying parties via a RESTful HTTP API.


SAML identity provider

The Security Assertion Markup Language (SAML) is a set of profiles for exchanging authentication and authorization data across security domains. In the SAML domain model, an identity provider is a special type of authentication authority. Specifically, a SAML identity provider is a system entity that issues authentication assertions in conjunction with an SSO profile of SAML. A relying party that consumes these authentication assertions is called a SAML service provider.


See also

* Federated identity
* Identity management system
* SAML identity provider

