An Identity Provider (IdP) authenticates users and issues identity information in the form of security tokens, such as SAML 2.0 assertions. This is a favourable alternative to authenticating the user explicitly within each security realm.
WS-Federation (Web Services Federation) describes the management and brokering of trust relationships and the exchange of security tokens across Web services and organizational boundaries. WS-Federation is part of the larger WS-Security framework and builds on the Security Token Service (STS) by providing mechanisms that facilitate interactions between the parties. In the WS-Federation model an Identity Provider is a Security Token Service (STS); Service Providers rely on the Identity Provider or Security Token Service to authenticate users. OAuth is an important protocol for IdP services because most major Web services are also identity providers, mainly through the use of OAuth. These Web services include Google, Facebook, Yahoo, AOL, Microsoft, PayPal, MySpace, and Flickr, among many others. Furthermore, all major email providers offer OAuth IdP services.
In perimeter authentication, a user is authenticated only once (single sign-on) and receives a security token as a result. That token is then processed by an Identity Assertion Provider for each system the user needs to access.
This section includes the following topics.