Security from A to Z: Federated ID

This system aims to make it easier for people to manage logins across a number of digital resources. Part of a series on hot security topics.

Natasha Lomas Mobile Phones Editor, CNET UK

Natasha Lomas is the Mobile Phones Editor for CNET UK, where she writes reviews, news and features. Previously she was Senior Reporter at Silicon.com, covering mobile technology in the business sphere. She's been covering tech online since 2005.

See full bio

Natasha Lomas

Nov. 28, 2006 12:26 p.m. PT

Federated identity is all about trust.

It refers to the process of using a single ID to authenticate a user across multiple systems--be they IT systems on a network, a group of Web sites or even different organizations.

In order for this linking up of services to be possible, a group of service providers must get together and agree to accept a single authenticating ID for a user.

The main advantage of a federated identity is convenience, since users of services that have agreed to link up in this way don't have to manage a raft of ID credentials in order to access each resource. Federated identity also facilitates a more personalized service for users, without the security risk of storing a large amount of a user's personal data in one place. It's a bit like a jigsaw puzzle--making up a picture by the joining of each small piece.

But--as with any issue of trust--not everyone buys into the logic of federating identity in this way, as standardization inherently introduces an element of insecurity.

Natasha Lomas reported for Silicon.com in London.