Federated Authentication

  • Frank J. Manion
  • William Weems
  • James McNamee


Federated Authentication and Authorization is an emerging technology with the potential to facilitate seamless access to information from a variety of providers. Within this chapter we summarize the key concepts, technologies, protocols, and national and even international structures that are being developed to support federated security. We start with the environmental drivers that are stimulating this technology to develop. We then discuss two major approaches to federated security: those based on assertion-based identity and assurance and those based on public key infrastructure. In the second part of the chapter, we discuss the three major components required for development of federated authentication systems: the representation of identity in cyberspace, the manner in which credentials or identity tokens are made available to users, and the required governance processes supporting these concepts. The chapter concludes with a brief overview of the emerging national-scale infrastructure in the form of identity federations, and we present a brief background on these initiatives and the tools and local infrastructure required for joining them.


Personal Attribute; Learning Management System; Physical Identity; Physical Person; Service Provider Application
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. University of Michigan Comprehensive Cancer Center, Ann Arbor, USA
