Propagating Identity in SOA with Tivoli Federated Identity Manager

An IBM Redpaper publication

Published 08 January 2008

IBM Form #: REDP-4354-00
(50 pages)

Authors: Axel Buecker, Neil Readshaw


SOA connects loosely coupled services to construct new applications. These services have their own user registries that are often administered in isolation from those of other services in the SOA environment. Users and service entities in a homogeneous environment are likely to have different identities in the various services that make up a composite application.

Establishing the identity of the service requester in each service request is a fundamental step in ensuring that business requirements, such as authorization, audit, and compliance, can be implemented. Identity services are required in the SOA infrastructure so that services can be easily interconnected with the correct identities being propagated.

A solution for the challenge of SOA identity propagation must be:
- Capable of understanding and operating with a variety of formats for representing identity
- Capable of translating between different identities
- Based on SOA principles itself to deliver a flexible, infrastructure-based solution de-coupled from application business logic
- Constructed using open standards to provide maximum interoperability with the platforms and systems on which SOA solutions are constructed

IT Architects responsible for designing secure SOA solutions can gain an appreciation for the importance of identity propagation in an SOA and how components of Tivoli Federated Identity Manager provide an open and flexible solution for identity propagation in SOA. IT Specialists that are required to implement security infrastructure for SOA can learn how to install the Tivoli Federated Identity Manager components that provide a secure SOA identity propagation solution.
