Federated identity protocols like SAML and OpenID Connect enable us to authenticate people in other domains, but trust issues quickly surface. For example, if your organization operates a website with valuable content and someone you authenticated at another domain steals the content, what recourse do you have? If your organization operates an OpenID Provider (OP), and a relying party website (RP) is hacked, potentially exposing your account holders' personal information, do you expect to be notified? What rights do you have to update your personal information at identity providers or websites that you use? These related federated trust considerations are aptly described by Scott David, a legal identity scholar, as the ``triangle of trust'' (see Figure 10-1).
CITATION STYLE
Schwartz, M., & Machulak, M. (2018). Multiparty Federation. In Securing the Perimeter (pp. 337–363). Apress. https://doi.org/10.1007/978-1-4842-2601-8_10
Mendeley helps you to discover research relevant for your work.