FEDERATED EXAMPLE

How Federation Works
The example above illustrates two distinct organizations that need to share authorization information. Blue Corps deployed an application that employees of Green Inc. need to access. Without a common single security administrator, there are two choices: a) each must duplicate the parts of the application needed by the Green staff, or b) Blue administrators must maintain a list of the Green employees and their respective roles and responsibilities. Both of these solutions are common, difficult to implement and not particularly secure.
Once data is duplicated and moved, it is difficult to keep it synchronized or impossible to withdraw access rights to it. Likewise, having Blue keep track of Green's employees is difficult and expensive, even when a common credentialing system is used.
Two organizations, Blue Corps and Green Inc., are business partners. Green’s staff needs access to Blue’s systems, so both establish a policy in which Blue trusts Green to properly vet employees who request access to specific information. Both organizations implement a proof-based authorization scheme and both use Ozone® to manage it.
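The trust arrangement described above can be sketched as a signed proof that Green issues and Blue verifies. This is an added example, not Ozone's protocol or code: the JSON proof format, the use of Ed25519, the names `Proof`, `Partner`, `Authorize` and `Check`, and the values `green-inc`, `alice`, `order-viewer` and `blue-admin` are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Proof is a constructed format: Green's signed claim about an employee it vetted.
type Proof struct {
	Issuer, Subject, Role string
	Expires               int64 // Unix seconds; a short lifetime lets Green withdraw access
}

// Partner is Blue's trust policy for one issuer: its key and the roles it may vouch for.
type Partner struct {
	Key   ed25519.PublicKey
	Roles map[string]bool
}

// Authorize runs at Blue, which keeps no list of Green's employees.
func Authorize(partners map[string]Partner, body, sig []byte, now int64) error {
	var p Proof
	if err := json.Unmarshal(body, &p); err != nil {
		return fmt.Errorf("malformed proof: %w", err)
	}
	partner, known := partners[p.Issuer]
	switch {
	case !known || !ed25519.Verify(partner.Key, body, sig):
		return fmt.Errorf("untrusted issuer or bad signature")
	case now >= p.Expires:
		return fmt.Errorf("proof expired")
	case !partner.Roles[p.Role]:
		return fmt.Errorf("%s may not vouch for role %q", p.Issuer, p.Role)
	}
	return nil
}

// Check plays both sides with constructed values; tamper alters the proof after signing.
func Check(role string, ttl int64, tamper bool) error {
	pub, priv, _ := ed25519.GenerateKey(nil) // Green's key pair; Blue holds only pub
	blue := map[string]Partner{"green-inc": {pub, map[string]bool{"order-viewer": true}}}
	now := int64(1_700_000_000) // constructed clock value
	body, _ := json.Marshal(Proof{"green-inc", "alice", role, now + ttl})
	sig := ed25519.Sign(priv, body) // Green's side: sign the serialized proof
	if tamper {
		body[len(body)-2] ^= 1 // changes a digit of the Expires value
	}
	return Authorize(blue, body, sig, now)
}

func main() { fmt.Println(Check("order-viewer", 300, false), Check("blue-admin", 300, false)) }
```

Blue's only standing data about Green is one public key and the set of roles Green may vouch for, so removing a Green employee's access is Green's decision and takes effect when the short-lived proof expires.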
