A Peer-to-Peer Federated Authentication System

Abstract

A Federated identity management system extends identity information across multiple security domains. It is an enabler for sharing information and services among organizations while respecting the authorization decisions of each organization. Federation can be realized in two ways: 1) Conventional federation that is based on a multilateral agreement among participants and 2) Peer-to-peer (P2P) federation that is based on bilateral agreements. In this paper, we introduce a P2P federated authentication system based on the OASIS security assertion markup language (SAML) version 2.0 standard. The P2P federation model is simpler and more flexible than the conventional federation model even though managing peer relationships becomes a burden if the number of peers gets unmanageably large. The conventional federation model and P2P federation model are not mutually exclusive. The two models can co-exist and interoperate.