A message meta model for federated authentication in service-oriented architectures

The goal of federated authentication is to identify a user or entity in different security domains without the need for redundant user management and a multitude of credentials. Federated authentication is becoming more important with the increasing popularity of service-oriented architectures, since interacting systems are generally not located within a single security domain. For this reason, companies have formed initiatives to develop standard protocols, which have led to the evolution of several specifications that each provide the means for federated authentication in homogeneous environments in which all federation partners use the same standard. In this paper, we raise a critical question: Can federated authentication also be achieved in ¿heterogeneous¿ environments in which federation partners use different standards? After evaluating established standards and identifying similarities, we propose a meta model that describes federated authentication on an abstract level. We validate the model against the standard protocols and present a concrete implementation. Our aim is to enable federated authentication across different standards.