Lesson 1 of 15
FoundationΒ·Lesson 1

🌐 What is Federation?

Why federation exists and what problem it solves

The Problem

Imagine a world where every application that needs to verify a user's identity must establish a direct, individual relationship with every identity provider. With 5 apps and 4 identity providers, that's 20 separate connections to configure, secure, and maintain.[1] As the ecosystem grows, the number of bilateral relationships explodes β€” it's an N Γ— N problem.

OpenID Federation solves this by introducing a trust hierarchy.[2] Instead of every entity connecting to every other, entities join a federation where trust is mediated by a Trust Anchor β€” a trusted third party at the top of the hierarchy. Intermediates can further delegate authority, creating a clean, scalable tree.

See the Difference

Without federation: chaotic connectionsApp 1App 2App 3App 4App 5IdP 1IdP 2IdP 3IdP 4Without Federation β€” Every entity connects to every other (N x N)

Key Takeaway

Without federation, trust relationships grow as N Γ— M (every app times every identity provider). With federation, entities only need to trust the hierarchy β€” turning it into a linear problem.[3]

Key Terms Introduced

Multilateral Federation
Abstract
Federation where bilateral agreements are impractical; trust is mediated by a trusted third party.
Entity
Section 1.2
Something with separate and distinct existence that can be identified in a context.
Entity Identifier
Section 1.2
A globally unique URL using the https scheme. MAY contain port or path, MUST NOT contain query or fragment components.
Trust Anchor
Section 1.2
The top-level authority in a federation. Every Trust Chain ends at a Trust Anchor. Represents a trusted third party.
Trust
Section 1.2
Cryptographic assurance verified through signed statements up a chain of authority.
Scalability
Abstract
Federation turns the N-squared bilateral problem into a linear, hierarchical one.

Sources & References

  1. OpenID Federation 1.0, Abstract β€” Multilateral Federation
  2. OpenID Federation 1.0, Section 1.2 β€” Terminology
  3. OpenID Federation 1.0, Section 4 β€” Trust Chain