Federated Identity Management Implementation Services

While a PKI is a good basis for collaborative identity management, it is not a complete and self-contained solution to all security issues. As presented in our introductions to PKI and Federated Identity Management, applications need to know more about a user than just their name to make adequate access control decisions. Managing a user's attributes, and the secure propagation of those attributes is precisely the role that Federated Identity Management is meant to fill. Carillon's experience and participation in the development of the TSCP standards puts it in an excellent position to help you with your implementation effort, however large your target is.

 An example of a simplified Federation
Implement Aerospace Community Federated Identity Management Standards:

As with PKIs, a large fraction of the work resides in implementing the standards and establishing processes and procedures that fit the needs and constraints of your specific environment. We can help you with:

  • Implementing the TSCP Document Sharing with Identity Federation (DSIF)
  • Determining Return on Investment (RoI) and building business cases
  • Federated Identity Management requirements gathering
  • Federated Identity Management standards integration
  • Federated Identity Management project milestones and timelines
  • Federated Identity Management project costs and resources
  • Development of Federation Policy Management Authority charter
  • Policy and procedure planning
  • Development of Federation Policy
  • Development of Federation Practice Statements
  • Determination of technological components
  • Transitive Trust Identity Federation implementations
  • Federation Policy mapping with external policies
  • Pre-audit planning
Training and Awareness:

Transitioning from existing username and password-based access control schemes to one based on credentials and attributes simplifies operations for users and administrators alike, but requires certain changes in habits and mindsets. We can help with this process by preparing supporting material for trainings and seminars, and also by giving those trainings and seminars:

  • Federated Identity Management fundamentals
  • Developer training
  • Administrator training
  • User training
Migration of Existing solutions to attribute awareness
  • XACML integration
  • Cardspace integration
  • Building an Identity Provider system
  • Integrating federated attribute management in existing applications
  • Technical support and adaptation services for the Carillon Identity Federation Management infrastructure-enabling tools