Federated identity describes a set of technologies that enable authentication across autonomous security domains. One goal of federated identity is to enable users of one security realm to access secured data or systems of another security realm without the need to maintain separate accounts for those users in each security realm. For example, federated identity allows web-based services in a first security realm, such as web-based email clients, collaborative workgroups, or resources stored on secured websites, to be accessed by users that belong to a second security realm without those users holding credentials of their own in the first security realm. Federated identity uses trust-based relationships to enable an organization to issue valid credentials to users who present valid credentials from their own organization. Essentially, one organization “trusts” credentials issued by another organization. A user obtains a valid credential from its own authentication service and presents it to the authentication service of a remote company. The remote company's authentication service, having verified that the credential was issued by a trusted partner and is still valid, issues a credential that can be used within the remote company's security realm. The user then accesses a web-based resource using the newly obtained credential.
This technique reduces administrative overhead in several ways. For example, the remote company need not create separate user accounts for partner users, and those users need not call the remote company's help desk when they forget a user ID or password, since their credentials are managed by their own organization. Federated identity also reduces security risk: because access to the remote company depends on presenting a current credential from the partner organization, revoking a user's ability to obtain a credential at the partner organization (for example, when the user leaves it) also revokes that user's ability to access the remote company's resources, with no action required by the remote company. One caveat: a credential that was issued before the revocation remains valid until it expires, so the credential lifetime bounds how long revocation takes to propagate.
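The exchange and the revocation behaviour described in the two paragraphs above, as an added example that is not part of the original text: a home authentication service issues a signed credential, the remote company's service verifies it against its list of trusted issuers and issues a local credential, and a resource accepts only the local one. The compact token format, the realm names (partner.example, remote.example, rogue.example), the keys and the user names are all constructed for this example, and HMAC-SHA256 with per-issuer shared secrets stands in for the asymmetric signatures a real federation protocol would use; none of it is the format of any particular federation standard.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenError(Exception):
    """Raised when a credential fails any validation check."""


class SecurityTokenService:
    """Authentication service of one security realm (constructed example).

    Tokens are '<base64url(claims JSON)>.<base64url(HMAC-SHA256)>'. A real
    deployment would sign with an asymmetric key so verifiers hold no secret.
    """

    def __init__(self, realm, signing_key, trusted_issuers=None, lifetime=300):
        self.realm = realm
        self.signing_key = signing_key
        self.trusted_issuers = dict(trusted_issuers or {})  # issuer realm -> key
        self.active_users = set()
        self.lifetime = lifetime

    def _sign(self, claims):
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = _b64(hmac.new(self.signing_key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"

    def issue(self, subject, audience, now=None):
        """Issue a credential to a user of this realm; revoked users get nothing."""
        if subject not in self.active_users:
            raise TokenError(f"{subject} is not an active user of {self.realm}")
        now = int(time.time()) if now is None else now
        return self._sign({"iss": self.realm, "sub": subject, "aud": audience,
                           "iat": now, "exp": now + self.lifetime})

    @staticmethod
    def verify(token, key, expected_issuer, expected_audience, now=None):
        """Check signature, issuer, audience and expiry; return the claims."""
        now = int(time.time()) if now is None else now
        try:
            body, sig = token.split(".")
            claims = json.loads(_unb64(body))
        except ValueError as exc:  # covers base64 and JSON decode errors
            raise TokenError("malformed token") from exc
        if not isinstance(claims, dict):
            raise TokenError("malformed token")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):  # constant-time compare
            raise TokenError("bad signature")
        if claims.get("iss") != expected_issuer:
            raise TokenError("unexpected issuer")
        if claims.get("aud") != expected_audience:
            raise TokenError("token not intended for this audience")
        if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
            raise TokenError("token expired")
        return claims

    def exchange(self, foreign_token, now=None):
        """Accept a trusted partner's credential and issue a local one."""
        try:
            header = json.loads(_unb64(foreign_token.split(".")[0]))
        except ValueError as exc:
            raise TokenError("malformed token") from exc
        issuer = header.get("iss") if isinstance(header, dict) else None
        if issuer not in self.trusted_issuers:
            raise TokenError(f"issuer {issuer!r} is not trusted by {self.realm}")
        # The key comes from the trust list, so a forged 'iss' only selects a key
        # the attacker does not hold; verify() then binds the claims to that key.
        claims = self.verify(foreign_token, self.trusted_issuers[issuer],
                             issuer, self.realm, now)
        now = int(time.time()) if now is None else now
        return self._sign({"iss": self.realm, "sub": f"{claims['sub']}@{issuer}",
                           "aud": self.realm, "iat": now, "exp": now + self.lifetime})


def _attempt(action):
    try:
        action()
        return "accepted"
    except TokenError as exc:
        return f"rejected: {exc}"


def demo():
    """Run the legitimate exchange and four failure modes on constructed data."""
    partner = SecurityTokenService("partner.example", b"partner-signing-key")
    partner.active_users.add("alice")
    remote = SecurityTokenService("remote.example", b"remote-signing-key",
                                  trusted_issuers={"partner.example": b"partner-signing-key"})
    rogue = SecurityTokenService("rogue.example", b"rogue-signing-key")
    rogue.active_users.add("mallory")
    t0 = 1_700_000_000
    home_token = partner.issue("alice", audience="remote.example", now=t0)
    local_token = remote.exchange(home_token, now=t0 + 1)
    # The resource only ever sees credentials issued by its own realm.
    seen = SecurityTokenService.verify(local_token, remote.signing_key,
                                       "remote.example", "remote.example", now=t0 + 2)
    body, sig = home_token.split(".")
    forged = _b64(json.dumps({"iss": "partner.example", "sub": "bob", "aud": "remote.example",
                              "iat": t0, "exp": t0 + 300}, sort_keys=True).encode()) + "." + sig
    results = {
        "subject_seen_by_resource": seen["sub"],
        "tampered": _attempt(lambda: remote.exchange(forged, now=t0 + 1)),
        "untrusted_issuer": _attempt(lambda: remote.exchange(
            rogue.issue("mallory", "remote.example", now=t0), now=t0 + 1)),
        "expired": _attempt(lambda: remote.exchange(home_token, now=t0 + 300)),
    }
    partner.active_users.discard("alice")  # alice leaves the partner organization
    results["revoked_user"] = _attempt(lambda: partner.issue("alice", "remote.example", now=t0 + 5))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The remote realm never stores a password for alice; it stores only the partner realm's verification key. The `expired` case is the caveat from the text made concrete: alice's home credential is good for its full lifetime even if the partner revokes her in the meantime, so a short lifetime is what keeps revocation prompt.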
While these techniques work well for providing access to web applications, they cannot be used to log on to a computer system itself and thus cannot be used to access desktop applications. Accordingly, techniques for extending federated identity to applications that run in a desktop environment are desirable.