How it works
IDEM: How Digital Identity Works
IDEM operates within the education and research community connected to the GARR network, supporting the adoption of a common framework for accessing online resources. IDEM is an identity federation based on the SAML (Security Assertion Markup Language) standard, a technology that enables the exchange of authentication and authorization data (assertions) between distinct security domains known as identity providers (entities that supply identity information) and service providers (entities that provide services). The format of SAML assertions is based on XML.
The use of the SAML standard is specifically designed to address the problem of Web Single Sign-On (SSO).
Thanks to the federation service, Identity Providers can offer their users SSO mechanisms and privacy protection, while Service Providers can achieve better access control over protected resources by eliminating the need to manage user accounts, which is delegated to the identity management systems of the Identity Providers.
Federated Access in Practice
A user connects to a web resource offered by a third-party service provider — for example, an electronic journal consultation service from a specific publisher. By selecting the "Institutional Access" login option, the user is redirected to the login page of their home institution and uses their institutional credentials, the same ones used to access internal services.
After a successful authentication, the institutional identity system transmits the user's identity to the service provider, represented by a minimum set of attributes. The service provider uses this information to authorize the user to access the web resource.