Federation Security Services Guide › Federation Security Services Overview › Introduction to SiteMinder Federation Security Services

Introduction to SiteMinder Federation Security Services

The growth of business networks provides opportunities for businesses to form partnerships to offer enhanced services to employees, customers, and suppliers. However, these new business opportunities present the following challenges:

• Exchanging user information between partners in a secure fashion
• Establishing a link between a user identity at a partner and a user identity in your company
• Enabling single sign-on across partner Web sites in multiple domains
• Handling different user session models between partner sites, such as single logout across all partner Web sites or separate sessions for each partner Web site
• Controlling access to resources based on user information received from a partner
• Interoperability across heterogeneous environments, such as Windows, UNIX operating systems and various Web servers, such as IIS, Sun Java System (formerly iPlanet/Sun ONE), and Apache

SiteMinder Federation Security Services provides a solution to all these challenges.

Note: Federation Security Services is separately-licensed from SiteMinder.

Terminology for Partners in a Federation

This guide uses the terms asserting party and relying party to identify sides of a federated relationship.

The party that generates assertions is referred to as the asserting party. The asserting party can be:

• SAML 1.x producer
• SAML 2.0 Identity Provider
• WS-Federation Account Partner

The party that consumes assertions for authentication purposes is referred to as the relying party. The relying party can be:

• SAML 1.x consumer
• SAML 2.0 Service Provider
• WS-Federation Resource Partner

A site can be act as an asserting party (producer/IdP/AP) and a relying party (consumer/SP/RP).