Each partner in a federation has a role. The role is either Identity Provider or Service Provider. An identity provider is a federation partner that vouches for the identity of a user. A service provider is a federation partner that provides services to the user.
The identity provider authenticates the user and provides an authentication token (that is, information that verifies the authenticity of the user) to the service provider.
The identity provider handles the management of user identities to free the service provider from this responsibility.
Typically, service providers do not authenticate users but instead request authentication decisions from an identity provider. Service providers rely on identity providers to assert the identity of a user and certain attributes about the user that are managed by the identity provider.
Service providers might also maintain a local account for the user, along with attributes that are unique to their service. The local account can be referenced by an identifier for the user.
Some federation protocols use different terminology to refer to the service provider role:
The Information Card protocol specification uses the term Relying Party to describe the service provider role. Select the Service Provider role for your Relying Party when you configure the Information Card federation in the Tivoli® Federated Identity Manager wizard.
The OpenID protocol specification uses the term Consumer to describe the service provider role. Select the Service Provider role for your Consumer when you configure the OpenID federation in the Tivoli Federated Identity Manager wizard.
Before installing Tivoli Federated Identity Manager, you must know whether you will assume the identity provider or the service provider role in each federation that you configure. You must also understand the point of contact server options for your role.