Features, advantages and benefits
|Rather than having to enroll third-party users into a company's internal identity systems, federated identity management enables IT service providers to offload the cost of user administration to their business partner companies||Since the business partner company acts like an identity provider, the service provider does not have to take on the burden of user administration costs such as user enrollment, account management, password management, password reset, help desk, or customer care costs||Helps to reduce administration and provisioning costs: Managing identities for third-party users can be a manual, cumbersome, and costly proposition that depletes critical IT resources|
|FIM facilitates "straight through processing" techniques because the identity provider does not have to replicate or stage business processes on behalf of a service provider||By employing Tivoli Access Manager for e-business (included with FIM), FIM is able to provide integrated session management, significantly facilitating inter-company transactions. With a federated identity model, identity providers have an opportunity to streamline inter-company transactions, thereby reducing costs, and simplifying integration||Simplified Integration: Integration is simplified because there is a common way to share identities between companies and manage user sessions|
Helping businesses collaborate securely
IBM Tivoli® Federated Identity Management (FIM) provides a simple, loosely-coupled model for managing identity and access to resources that span companies or security domains. Rather than replicate identity and security administration at both companies, Tivoli Federated Identity Manager provides a simple model for managing identities and providing them with access to information and services in a trusted fashion. For companies deploying Service Oriented Architecture (SOA) and Web Services, FIM provides policy-based integrated security management for federated Web services. The foundation of FIM is trust, integrity, and privacy of data.
On this foundation, organizations can share identity and policy data about users and services. The sharing of trusted identities and policies is the key to delivering a richer experience for users navigating between federation sites. Trust enables companies to loosely couple their disparate identity management systems.
A federated model simplifies administration and enables companies to extend identity and access management to third-party users and third-party services.
New for Version 6.1, Tivoli Federated Identity Manager now offers support for z/OS®.
Now with support for z/OS, Tivoli Federated Identity Manager will help ensure secure transactions across mainframe and distributed environments using SOA and Web services technology. FIM provides added security protection, identity management capabilities and built-in compliance tools.
FIM enables customers to control access to applications based on the user's role in the organization (e.g., IT manager or HR manager). The software extends IBM's IT service management portfolio, which enables companies to reduce technology complexity through automation and process integration.
Tivoli Federated Identity Manager offers significant help in:
Companies that choose to collaborate in identity-based business processes may benefit from Tivoli Federated Identity Manager's ability to help:
For the business executive:
For the IT executive:
IBM Tivoli Federated Identity Manager Roles
In a federated identity management scenario, organizations assume the role of an identity provider or a service provider. These roles are not mutually exclusive. Many large organizations will assume the role of both identity provider and service provider.
An identity provider; is an organization that directly manages end users. An identity provider is the authoritative source for issuing and validating user identities and network credentials for a set of users; an identity provider "owns the user relationship". For example, many companies act as identity providers for employees, customers, and contractors. Identity providers "vouch" for the user identity and their entitlements in a federated interaction with service providers. So, the "identity provider" role can be thought of as an authentication authority.
A service provider provides "services" for end users. They typically do not have a vested business interest in managing the user. Service providers act as a "relying party" to validate credentials issued by a trusted identity partner, on the basis of which they provide services to that trusted identity.
In a service-oriented architecture (SOA) environment the following additional roles apply: