Identity Federations Beyond the Web: A Survey

Internet service providers have, in recent years, adopted identity federation technologies with a high degree of success. A typical Internet user will regularly use these in her daily use of the Internet, even if she does not notice it. For example, she will use these technologies when publishing a picture in Flickr, when sharing it with her friends in her Facebook wall, when she performs a roaming telephone call over the 3G network, or when she obtains access to the eduroam network at her university. Until recently, identity federation technologies were mainly applicable to web and network access services. However, the proliferation of new emerging infrastructures, such as the cloud and grids, is motivating service providers to consider new solutions capable of satisfying identity federation for any almost kind of Internet service (SSH, NFS, SMTP, Cloud, Grid, etc.). This has been called identity federation beyond the Web. International projects and standardization bodies have also been considering ways to satisfy this urgent need. This paper describes the unmet requirement for federating any other kind of (non-Web-based) Internet service. In particular, it provides a detailed survey of the two main proposals, i.e., Application Bridging for Federated Access Beyond Web (ABFAB) and Federated Kerberos (FedKERB), which are currently discussed to provide a solution for this new type of federation, known as Identity Federations beyond the Web. Finally, this paper shows a fair comparison between both alternatives.