Is it accurate to state Identity federation is a subset of SSO or vice versa?
-
Identity Federation Vs. SSO
-
Razmik,
I hope all is well. I would not say that either is a subset of the other. SSO is not reliant on Federation, although it can be extended to Federated partners as part of the architecture of a Federation relationship.
Federation implies the use of SSO ultimately as an outcome of the process of Federation, perhaps as a byproduct, BUT Federation itself is the process of extending trust to an external third party, allowing them to access one or more internal systems as a result of the Federation relationship. Whether they will use SSO to do so is dependent on the choices made as part of the Enterprise Security Architecture of the party extending the offer to Federate in the first place.
While SSO is ubiquitous today, and would most likely be used in almost any scenario, it is not necessarily the only way to go, and may indeed not be the mechanism chosen for authenticating Federated users under certain circumstances, such as the need to access highly compartmentalized and secured infrastructure.
Hope that helps.
Cheers,
Adam