根据维基百科的解释,身份联盟的定义原文如下:
————————
Identity federation
As the name implies, identity federation comprises one or more systems that federate user access and allow users to log in based on authenticating against one of the system participating in the federation. This trust between several systems is often known as "Circle of Trust". In this setup, one system acts as the Identity Provider (IdP) and other system(s) acts as Service Provider (SP). When a user needs to access some service controlled by SP, he/she first authenticates against the IdP. Upon successful authentication, the IdP sends a secure "assertion" to the Service Provider. "SAML assertions, specified using a mark up language intended for describing security assertions, can be used by a verifier to make a statement to a relying party about the identity of a claimant.
译文如下:
身份联盟包括一个或多个共享用户访问权限的系统,允许用户在联盟中的一个系统完成身份认证后可登录联盟中的其他系统。多个系统之间的信任通常被称为“信任圈”。在这种设定中,联盟中的一个系统充当身份提供方(IdP),而其他系统作为服务提供方(SP)。当用户需要访问由SP控制的一些服务时,他/她首先向IdP进行身份认证。认证成功后,SP会收到IdP发送的一个安全断言,从而提供服务。SAML断言可被验证方用于向一个依赖方做出关于某个用户身份的陈述。
———————
简单地说,只需要一个IdP + 一个SP即可构成一个身份联盟,即一个“信任圈”。
扫一扫
536
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
