One of the benefits of a network is that it allows users to access services on a remote computer system from a local computer system. For example, users may use online banking services to check their financial accounts, online gaming services to play games with other users, on-demand video services to watch movies, and other such services. Often the services are provided by different service providers. The service providers may require that the users be authenticated before providing access to the resource.
In order to authenticate the user, the service provider may require that the user have a digital identity associated with the service provider. Thus, when multiple service providers are controlled by different business organizations, a user may have multiple digital identities, one for each service provider. Because of the multiple digital identities, a user may be required to sign on to each service provider separately. In order to remove this requirement, identity federation may be used.
Identity federation allows business organizations controlling different service providers to form a partnership and share digital identities. The partnership allows the service providers to form a circle of trust. The circle of trust has one or more identity providers that communicate with the service providers and manage the authentication of the user. Thus, when a user is authenticated to one service provider, the user may be automatically allowed access to other service providers in the same circle of trust.