Table of Contents
What are federated identity management (FIM) and token credentials, and how do they work together to provide secure access to online resources?
FIM is an identity management system that allows us to exchange and manage digital identities. Token credentials are an important part of FIM, as they act as the means by which these digital identities circulate within the system. Token credentials typically take the form of physical devices such as smart cards or USB tokens, or they can be software-based, such as ‘soft’ tokens that run on any standard computer. As the name suggests, token credentials are used to access protected resources. In the case of FIM, a user’s token is used to access a resource on a server, for example a web site. This is known as ‘single sign-on’ (SSO). Token credentials also help to protect the user’s identity when accessing FIM protected resources. This is called ‘identity assurance’ or ‘identity protection’, and it ensures that an individual using an FIM protected resource has been issued with an authentic token credential.
Here are some of the main ways in which FIM and token credentials work together…
1. You must have the right token
2. You can only use the right method of accessing a resource
3. If the token is compromised, you can still access the resource
4. A compromised token doesn’t allow access to other users’ resources
5. A compromised token provides no proof that you are who you say you are
6. If a legitimate user is denied access to a resource because their token has been compromised, this helps to protect that user from fraudulent use of their identity
How does FIM help reduce the risk of information breaches, and why is it becoming increasingly popular among businesses and organizations of all sizes?
Token credentials provide the security measures needed to ensure that only those who have a legitimate need to access a resource are actually able to do so. FIM can also be used to reduce the risk of information breaches when it is configured in conjunction with other security measures such as encryption, firewalls and perimeter defences, and user authentication systems.
Consider, for example, a typical employee of a business. A token issued to the employee by the company is used to authenticate the employee’s identity and to provide access to secure systems. The token is typically generated by an identity provider, which may be a separate entity such as a bank. This ensures that no one can pretend to be someone else and get unauthorised access. This reduces the risk of information breaches, since the employee cannot be tricked into providing their username and password to a potential attacker.
What are some of the key benefits of using FIM for authentication and authorization, and how can it improve security for online users overall?
FIM can be used to provide authentication and authorization for the user. Through FIM, you can control access across your enterprise by authenticating users and authorizing them to access specific resources. For example, FIM can be used to grant access to resources such as computers, phones and networks. You can also configure a user workflow that enables the user to define his or her tasks while accessing the network. Such workflows enable you to specify that a user have access to a particular application at certain times of day when he or she is available before allowing him or her access at other times of the day, for instance. You can enable the user to set his or her own tasks for the day and have the system check off each task as it is completed.
Another way FIM can improve security for online users is by providing for multifactor authentication. Multifactor authentication requires that a person present two or more separate items to authenticate himself or herself, such as a password (something you know), a voice or fingerprint identification (something you are) or an account number remembered from a token device (something you have). Using multifactor authentication can help prevent or detect unauthorized network access.
How does token credentialing play a role in FIM, and what are some of the most common types of tokens used today?”
Token credentials refers to the physical token technology or software based tokens which are implemented in either hardware or software. A token credential is a cryptographic device or program to overcome the pitfalls of traditional password systems by providing a constant, secure, and unique proof of identity. In other words, token credentials make it easier for each user to prove that they are who they say they are. We can use a token to access resources. The most common types of crypto tokens used today are smart cards, USB tokens and soft tokens. Smart cards have become the most popular type, although they are becoming less common and more expensive due to the increasing complexity of security features offered by these devices. Again, we must be aware that some users may still be using passwords in lieu of these new systems as certain applications do not support smart cards or software based token credentials.
There are different types of token credentials currently in use today. Extranet applications, Intranet applications and the Internet Radio, are examples of how all these types of systems work together to provide a federated identity management (FIM) architecture.
