As identity security (or lack thereof) is increasingly in the news, the term Identity Provider (IdP) has been coming up a lot lately in IT circles. But what is an IdP? Is it merely any platform that creates a user identity? Or must it provide a degree of identity management to be a true IdP? With identities at the core of IT security, it’s important that we both understand IdPs and the differences between them. With all that said, what exactly is the definition of Identity Provider?
In the most simple terms, an IdP is a database of user records that allows for authentication and authorization to various IT resources. In practice, it is the source of the username and password combination (could also include SSH keys and other forms of identity such as biometrics), with other user attributes that are stored within a database. IT resources can then leverage the IdP to authenticate user identities, and thus, authorize access. These IT resources can include systems, web applications, or file servers; all of which point toward the IdP as the source of truth for verifying user identities. While it may seem simple from the outset, not all IdPs are created equal, and modern IT realities have made the IdP space much more complex (and dangerous) than it was in the past.
The modern concept of the IdP was created in 1993 with the advent of LDAP (lightweight directory access protocol) by Tim Howes and his team at the University of Michigan. LDAP is a protocol designed for the exchange of information between databases of information (i.e. user attributes from usernames and passwords to addresses and telephone numbers) and systems and applications that need that information. This enables a user system to talk to the LDAP-based “database” and make a request. Via LDAP, the database may verify if a given identity is allowed access to the IT resource. Essentially, if the user is found in the directory, and the credentials provided match, access is granted to whatever that user is authorized to access.
Leveraging LDAP, two (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: https://jumpcloud.com/blog/definition-of-identity-provider/