Pattern 6: Federated Identity, Local AuthZ
This is a variation on pattern 3. Local identity providers manage and authenticate users, and a trust relationship with a national service allows these local identities to be linked to national identities for use outside the local area. The identities are then used to authorise access through a local authorisation server.
- Can be built to address local needs, but within a national framework that establishes proven types and levels of authentication.
- Allows local control over authorisation policies for controlling access to resources.
- Would not itself allow access to national systems, but could allow for automatically re-authorising the ID token with a national authorisation server (pattern 7) to give this capability.
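The decision a local authorisation server makes under this pattern can be sketched as follows. This is an added example, not code from the original page: the issuer URL, keys, scopes, the `auth_level` and `roles` claims and the `max_level` accreditation field are all assumptions, and HMAC stands in for the asymmetric signatures a real federation would use.

```python
import base64, hashlib, hmac, json, time

# Constructed registry of nationally accredited IdPs; HMAC stands in for real signatures.
TRUSTED_IDPS = {"https://idp.local-a.example": {"key": b"demo-key-a", "max_level": 3}}
# Local policy, owned by the local authorisation server (constructed values).
LOCAL_POLICY = {
    "record:read": {"min_level": 2, "roles": {"clinician", "nurse"}},
    "record:write": {"min_level": 3, "roles": {"clinician"}},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(text):
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))

def issue_id_token(claims, key):
    """Stand-in for a local IdP: sign claims as a compact HS256 token."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = header + b"." + _b64(json.dumps(claims).encode())
    return body + b"." + _b64(hmac.new(key, body, hashlib.sha256).digest())

def authorise(token, scope, now=None):
    """Local authorisation server decision: returns (allowed, reason)."""
    try:
        header, payload, sig = token.split(b".")
        alg = json.loads(_unb64(header)).get("alg")
        claims, sig = json.loads(_unb64(payload)), _unb64(sig)
        idp = TRUSTED_IDPS.get(claims.get("iss"))
    except (ValueError, TypeError, AttributeError):
        return False, "malformed token"
    if idp is None:  # trust comes only from the national registry
        return False, "issuer not trusted"
    expected = hmac.new(idp["key"], header + b"." + payload, hashlib.sha256).digest()
    if alg != "HS256" or not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    if claims.get("exp", 0) <= (now or time.time()):
        return False, "expired"
    level = claims.get("auth_level", 0)  # hypothetical claim name
    if level > idp["max_level"]:
        return False, "level exceeds issuer accreditation"
    rule = LOCAL_POLICY.get(scope)
    if rule is None:
        return False, "unknown scope"
    if level < rule["min_level"]:
        return False, "authentication level too low"
    if not rule["roles"] & set(claims.get("roles", [])):
        return False, "no local role grants scope"
    return True, "granted"
```

The trust decision (which issuers and levels are acceptable) comes from the national registry, while the scope and role rules stay under local control.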