An identity federation (or just federation) is a collection of organizations that agree to interoperate under a certain rule set. This rule set typically consists of legal frameworks, policies and technical profiles and standards. It provides the necessary trust and security to exchange identity information to access services within the federation.
Some federations also distinguish the organisations that participate. Often there are federation members (e.g. universities and research institutes), which operate services and provide identities, and federation partners (e.g. commercial companies that offer services to higher education users), which only operate services.
In the context of SAML-based federations, there are the following technical components:
- Identity Provider (IdP): The system component that authenticates a user (e.g. with username and passwords) and issues identity assertions on behalf of the user who wants to access a service protected by a Service Provider.
- Service Provider (SP): The system component that evaluates identity assertions from an Identity Provider and uses the information from the assertion for controlling access to protected services.
- Discovery Service(DS): The Discovery Service service, also known as "Where Are You From (WAYF)" service, lets the user choose his home institution from a list and then redirects the user to the login page of the selected institution for authentication.
How many academic identity federations are?
To get an up-to-date answer for this question, please refer to the REFEDS federations page. REFEDS is a group of Research and Education FEDerations funded mostly by a few National Research and Education Networks and the Internet Society.