The Penrose Project

• Overview
  • News
  • FAQ
  • Features
  • Licenses
  • Download
  • Demo
• Documentation
  • Quick Start
  • Version 1.2 (in development)
    • Complete
    • Server User Guide
    • Studio User Guide
    • Developer Guide
    • Embedding Penrose
    • Javadoc
  • Version 1.1 (stable)
    • Complete
    • Server User Guide
    • Studio User Guide
    • Developer Guide
    • Embedding Penrose
    • Javadoc
  • Use Cases
  • Community Wiki
• Developer
  • Nightly Builds
  • Code Repository
  • Road Map
  • Change Log
  • Project Management
• Support
  • WebChat
  • Forum & List
  • Bug/Feature Tracker
  • Team
  • Contact

Federated Identity

One of the goals of federation is to provide a global sign-sign on for the end users. Identities from multiple organizations must be shared. As a consequence, federation projects must now work together with other companies while dealing with internal federation issues (involving the integration of internal identities). A Virtual Directory Server solves these common barriers when it:

Acts as an Authentication Server

In federation, a user can sign on to a trusted server to get a security token (identifier). This Authentication server has to aggregate multiple identities from possibly many external sources.

Acts as an Attribute Server.

Federation, involves the association of your various accounts from site to site. A small identifier containing a minimal set of information about you maintains the associations. Exposing this minimal attribute, requires an attribute server to allow sites to obtain more information about the user based on the token held by the attribute. The challenge of building an attribute server rests in the ability to search all attributes from external databases/directories quickly. Virtual directories dynamically access and store entries within a cache engine to aggregate user attributes from various places.

Acts as an Authentication Authority Server

Virtual directory can bring in various policies from different data sources.