Pattern 6: Federated Identity, Local AuthZ

Pattern Description

This is a variation on pattern 3. Local identity providers are used to manage and authenticate users, and a trust relationship with a national service allows these local identities to be linked to national identities for use outside the local area. A local authorisation server then uses these identities to authorise access.

Benefits

  • Can be built to address local needs, but within a national framework that establishes proven types and levels of authentication.

Concerns

  • Allows local control over authorisation policies for controlling access to resources.
  • Would not itself allow access to national systems, but could allow for automatically re-authorising the ID token with a national authorisation server (pattern 7) to give this capability.
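
The decision a local authorisation server makes in this pattern, sketched as an added example (not code from the original page or any national service): accept an ID token only from a federated local identity provider, require a linked national identity and a sufficient authentication level, then apply local policy. The issuer URLs, the claim names `national_id`, `role` and `auth_level`, the scope names and the policy table are assumptions, and HS256 with a shared secret stands in for the asymmetric signatures a real deployment would use.

```python
import base64, hashlib, hmac, json, time

# Assumption: local IdPs federated with the national service, with verification keys.
# HS256 shared secrets stand in for the asymmetric keys a deployment would use.
TRUSTED_IDPS = {"https://idp.local-a.example": b"constructed-demo-key"}
# Assumption: local policy maps a role to (allowed scopes, minimum authentication level).
LOCAL_POLICY = {"clinician": ({"record.read", "record.write"}, 3),
                "clerk": ({"record.read"}, 2)}
AUDIENCE = "https://authz.local-a.example"  # this local authorisation server

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key):
    """Build a constructed ID token, playing the part of the local IdP."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def authorise(token, requested, now=None):
    """Return the granted scopes, or raise PermissionError."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        if header["alg"] != "HS256":            # pin the algorithm; reject "none"
            raise PermissionError("unexpected algorithm")
        key = TRUSTED_IDPS[claims["iss"]]       # only federated issuers are known
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):
            raise PermissionError("bad signature")
        if claims["aud"] != AUDIENCE or claims["exp"] <= now:
            raise PermissionError("wrong audience or expired")
        if not claims["national_id"]:           # must be linked to a national identity
            raise PermissionError("no linked national identity")
        allowed, min_level = LOCAL_POLICY[claims["role"]]
        if claims["auth_level"] < min_level:
            raise PermissionError("authentication level too low")
    except (ValueError, KeyError, TypeError) as err:
        raise PermissionError("malformed or untrusted token") from err
    denied = set(requested) - allowed
    if denied:
        raise PermissionError(f"local policy denies {sorted(denied)}")
    return set(requested)
```
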