Security from A to Z: Federated ID

This system aims to make it easier for people to manage logins across a number of digital resources. Part of a series on hot security topics.

Federated identity is all about trust.

It refers to the process of using a single ID to authenticate a user across multiple systems--be they IT systems on a network, a group of Web sites or even different organizations.

In order for this linking up of services to be possible, a group of service providers must get together and agree to accept a single authenticating ID for a user.

The main advantage of a federated identity is convenience, since users of services that have agreed to link up in this way don't have to manage a raft of ID credentials in order to access each resource. Federated identity also facilitates a more personalized service for users, without the security risk of storing a large amount of a user's personal data in one place. It's a bit like a jigsaw puzzle--making up a picture by the joining of each small piece.

But--as with any issue of trust--not everyone buys into the logic of federating identity in this way, as standardization inherently introduces an element of insecurity.

Natasha Lomas reported for Silicon.com in London.