Those who are reading this probably have information they need to share or a need to access information that someone else is providing. In these needs, there are several challenges. One is to make the information available in the first place, but more importantly, to make it available only to those who are entitled to access it.
The second part is about protection and security. Depending on the type of information, the need for protection varies. In some cases, the information may be public, and anyone should have access to it. Does this mean the information doesn't need protection? Of course not. We want everyone to be able to read our company's website, but certainly not alter it. Other information may be highly sensitive and should only be made available to authorized personnel.
Some systems and services have built-in support to ensure that only the right individuals can access the information. Often, these services only support a specific method, and additional costs arise for the purchase of items like SITHS cards or similar. At times, the service lacks sufficiently strong authentication to be legally used for sensitive information.
More commonly, the system or service relies on user control happening through a different means, typically under the control of the information owner (the customer). In practice, this often means that the service provider relies on the customer's authentication service, known as federation. There are several advantages to this. The customer can use the same login methods for multiple systems. The customer can set up access to multiple systems via a single login, known as single sign-on. The management of accounts and login methods is in the hands of the customer rather than the provider.
It is important to tailor the level of trust to specific needs. Depending on usage and formal requirements, the level of trust must vary. Information security classification should also be considered, and internal requirements should be established to meet the needs. In summary, it's about balancing security, user experience, and available resources to verify user identity with sufficient security.
You need an IdP (identity credential issuer), which can be purchased as a service or set up internally. It must support the necessary login methods and may need to participate in federations such as Skolfederation, SAMBI, and others. Its technical support should include SAML, OpenID Connect, VPN, and proxying to handle various systems and requirements.
Stockholm
Vasagatan 23
111 20 Stockholm
Helsinki
Ilmalantori 4,
00240 Helsinki, Finland
Borås
Nils Jakobsonsgatan 5D
504 30 Borås
Gothenburg
Kobbegårdsvägen 7
436 34 Askim
ID North AB
Vasagatan 23
111 20 Stockholm