ABSTRACT
This chapter examines the process of identification, authentication, and authorization as they apply to the process of identity management. Identity is independent from authorization to enter or be denied entrance to the garden. A better solution in the many-walled garden might employ an accompanying document or representative able to authorize passage from one area to another more easily, in which federated identity management solutions provide the same service within an extended enterprise. Identification within the network enterprise consists of some method by which the user or service identifies its unique identity to an authentication service. A federated identity management solution can also be used for single-sign-on authentication. When a user or service requests resources from within an authentication boundary, the identity management system provides the appropriate set of credentials from its encrypted store on behalf of the already-authenticated identity.
