Pattern 3: Federated Identity, National AuthZ
This pattern allows local identity providers to be used to manage and authenticate users, but by establishing a trust relationship with a national service, allows these identities to be linked to national identities for use outside the local area. These identities are then used to authorise access using a national authorisation server.
- Can be built to address local needs, but within a national framework that establishes proven types and levels of authentication.
- By adhering to this overall framework, these local solutions can be federated and trusted by local systems, and potentially authentication services in other regions – allowing use outside the immediate local area.
- Requires up-front work to develop a national framework, and establishment of a national assessment process to assure local solutions in order to grant them “trusted” status and federate with them.
- Would only do authorisation against nationally agreed policies using information held about the user nationally – e.g. would not do checks that rely on user attributes only held in the local systems, such as legitimate relationship checks
Was this article useful?2