
NIH Federated Identity - Protocols Brick

Description

The goal of NIH’s Federated Identity service is to give a person the ability to use the same user name, password, or other personal identification to access multiple applications or data sources securely and seamlessly, by relying on the identity provider’s authentication process rather than NIH’s own. The Federated Identity service is enabled through the use of open industry standards and/or openly published specifications.

Please view the NIH Federated Identity - Protocols Brick below:
Brick Information

Tactical (0-2 years)

  • Security Assertion Markup Language (SAML)
  • Secure Token Service
  • Kerberos
  • SOAP
  • WS* Token

Strategic (2-5 years)

  • Security Assertion Markup Language (SAML)
  • Secure Token Service
  • Kerberos
  • SOAP
  • WS* Token

Retirement (To be eliminated)

Containment (No new development)

  • NT Token/cookie

Baseline (Today)

  • Kerberos
  • NT Token/cookie
  • WS* Token

Emerging (To track)

Comments

  • Tactical and Strategic products were selected to leverage NIH's investment in products that are a proven fit for NIH's known future needs. Leveraging baseline products in the future will minimize the operations, maintenance, support and training costs for new products.
  • Evolving open source products are Emerging because open source developers have done a better job of modularizing their software, making it more feasible to combine components in order to produce a desired solution.
  • Containment items listed were generated from discussions with two Domain teams. Identity Providers should be geared toward investment in Single Sign-On (SSO) and Federated Identity rather than continuing NIH-developed, duplicate identity silos.
  • Authentication and Authorization are tracked together in Federated Identity Services. Authentication verifies an identity; authorization takes that authenticated identity and verifies what it is permitted to access. In Federated Identity, the data supporting both actions is encapsulated within the same task.

Time Table

This architecture definition approved on: June 25, 2008

The next review is scheduled in: TBD