Jump to content

Identity provider

From Wikipedia, the free encyclopedia
(Redirected from Identity assertion provider)

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.[1] Identity providers offer user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be federated, that is, it consumes federated identity.[2]

An identity provider is “a trusted provider that lets you use single sign-on (SSO) to access other websites.”[3] SSO enhances usability by reducing password fatigue. It also provides better security by decreasing the potential attack surface.

Identity providers can facilitate connections between cloud computing resources and users, thus decreasing the need for users to re-authenticate when using mobile and roaming applications.[citation needed]

Types of identity providers

[edit]

OpenID provider

[edit]

OpenID Connect (OIDC) is an identity layer on top of OAuth. In the domain model associated with OIDC, an identity provider is a special type of OAuth 2.0 authorization server. Specifically, a system entity called an OpenID Provider issues JSON-formatted identity tokens to OIDC relying parties via a RESTful HTTP API.

SAML identity provider

[edit]

The Security Assertion Markup Language (SAML) is a set of profiles for exchanging authentication and authorization data across security domains.[4] In the SAML domain model, an identity provider is a special type of authentication authority. Specifically, a SAML identity provider is a system entity that issues authentication assertions in conjunction with an SSO profile of SAML. A relying party that consumes these authentication assertions is called a SAML service provider.[citation needed]

See also

[edit]

References

[edit]
  1. ^ Grassi, Paul A; Garcia, Michael E; Fenton, James L (2017-06-22). Digital identity guidelines: revision 3 (PDF) (Report). Gaithersburg, MD: National Institute of Standards and Technology. doi:10.6028/nist.sp.800-63-3.
  2. ^ "What is an identity provider?". entrust.com. Retrieved 2 November 2024.
  3. ^ Identity Providers and Service Providers Archived 2016-10-22 at the Wayback Machine, salesforce.com. Retrieved 25 July 2016.
  4. ^ "SAML Explained in Plain English | OneLogin". www.onelogin.com. Retrieved 2024-11-02.