This is the draft preview of version 3.1 for the Federal Identity, Credential, and Access Management architecture.

Federation

A gray box with the list of Federation services defined later in the body text of this page.

Federation is the technology, policies, standards, and processes that allow an agency to accept digital identities, attributes, and credentials managed by other agencies.

Federation has many different applications, including:

Accepting an authentication transaction from another organization:

Agency A authenticates one of its users and passes identity attributes and transaction details to Agency B. Agency B grants access to an application for that identity.

Accepting specific characteristics (i.e., attributes such as identifiers) describing an individual from another organization:

An individual can use their agency-issued credential, which contains one or more internal identifiers, to log in directly to a different agency's online service. The online service registers those identifiers in its own system for future use.

Federation Services

The Federation services in the Federal ICAM architecture include Policy Alignment, Authentication Broker, and Attribute Exchange.

A gray box with the Federation service definitions, which are listed in the following body text.

Policy Alignment

Develop relationships and a common understanding between parties by establishing authorities, policies, standards, and principles.

Keywords: Trust Relationship

Authentication Broker

Transform an authentication event into an alternative format, such as an assertion, containing claims about the entity and the authentication transaction, to grant access to a resource.

Keywords: Assertion Service, Federation Assertion, Security Token Service

Attribute Exchange

Discover and acquire identity or other attributes between different systems to promote access decisions and interoperability.

Keywords: Attribute Definition, ARS
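The Agency A / Agency B scenario above, carried through the Authentication Broker and Attribute Exchange services, as an added illustration that is not part of the FICAM architecture text: Agency A converts an authentication event into a signed assertion with claims about the user and the transaction, and Agency B checks the assertion before granting access. The shared HMAC key, agency URLs, claim names and user data are all constructed for the example; the assertion format is a simplified stand-in for a standard token such as SAML or an OIDC ID token.

```python
import base64
import hashlib
import hmac
import json

# Constructed example values: a shared symmetric key stands in for the trust
# relationship established under Policy Alignment between the two agencies.
SHARED_KEY = b"constructed-demo-key-shared-by-agency-a-and-b"
AGENCY_A = "https://idp.agency-a.example"   # issuer (Authentication Broker)
AGENCY_B = "https://app.agency-b.example"   # intended audience (relying party)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(user_id, attributes, auth_method, issued_at, ttl=300):
    """Agency A: transform an authentication event into a signed assertion
    carrying claims about the entity and the authentication transaction."""
    claims = {
        "iss": AGENCY_A, "aud": AGENCY_B, "sub": user_id,
        "iat": issued_at, "exp": issued_at + ttl,
        "auth_method": auth_method,   # transaction detail passed to Agency B
        "attributes": attributes,     # identity attributes (Attribute Exchange)
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def accept_assertion(token, now):
    """Agency B: verify signature, issuer, audience and validity window
    before trusting any claim. Returns the claims or raises ValueError."""
    body, sig = token.split(".")
    expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["iss"] != AGENCY_A:
        raise ValueError("untrusted issuer")
    if claims["aud"] != AGENCY_B:
        raise ValueError("assertion not intended for this agency")
    if not claims["iat"] <= now < claims["exp"]:
        raise ValueError("assertion outside validity window")
    return claims
```

Agency B registers `claims["sub"]` and the exchanged attributes only after every check passes; a failed check leaves no trace of the identity in its system.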