20. Accept Credentials in a Federation
The term ‘federation’ describes an environment where an agency has established the tools and policies to accept identity and credential information from users at another organization, thus expanding secure access to individuals outside the organization. Agencies might look to federate with other governmental bodies or private organizations in order to expand services, reduce costs, and improve overall efficiency.
This use case shows the primary process for providing access to an outside individual in a federated environment.
Pre-condition: Enterprise has set up the tools and policies to accept a federated credential
|An individual requests access to a resource at an outside organization
In this case, an individual at a private sector organization is requesting access to a protected government resource.
|The agency relays the request to the individual’s home organization.|
|The agency directs the individual to their home organization to validate their identity.|
|The home organization verifies the individual’s identity.|
|The home organization generates a “verification assertion” to pass back to the requesting organization.|
|The individual’s home organization passes the assertion to the requesting organization.|
|The individual’s home organization passes the authentication assertion to the individual, who relays it to the requesting organization.|
|An access control decision is made by the organization.|
Post-condition: Individual is authenticated at the outside organization and proceeds to the authorization step.
Click here for a consolidated image of this use case.