Authorization and workflows
One of the strongest features of Ubilogin eIDM is the ability to authorize other organizations or identities. Authorizations are essential in Ubilogin eIDM, because an identity is not usable without one. Applications (service providers, SPs) are modeled in Ubilogin eIDM, and the roles each application accepts are documented. These roles are essential for the authorization process.
In the authorization process, the extranet user admin authorizes someone to represent her company. Most authorizations of course occur within the same organization, where the extranet user admin authorizes her own employees to the available services by granting them roles (through the authorization event). The end users then accept these roles, and accepting the authorization activates the roles for the end user.
In terms of risk management, Ubilogin eIDM adds a layer of protection by offering user authorization as an option and delivering the authorization information to the applications and services. The service provider can separate authentication from the actual authorization and improve access control by defining more fine-grained access policies for the services.
Authorization information is also very important for auditing purposes, because it shows in what capacity the user was accessing the information. Ubilogin eIDM logs also reveal who granted those roles and when they were granted.
