Each partner in a federation has a role. The role is either Identity Provider or Service Provider.
An identity provider is a federation partner that vouches for the identity of a user. The identity provider authenticates the user and provides an authentication token (that is, information that verifies the authenticity of the user) to the service provider.
The identity provider either directly authenticates the user, such as by validating a user name and password, or indirectly authenticates the user, such as by validating an assertion about the user's identity as presented by a separate identity provider.
The identity provider handles the management of user identities in order to free the service provider from this responsibility.
A service provider is a federation partner that provides services to the end user. Typically, service providers do not authenticate users but instead request authentication decisions from an identity provider. Service providers rely on identity providers to assert the identity of a user and, typically, certain attributes about the user that are managed by the identity provider.
Service providers can also maintain a local account for the user, which can be referenced by an identifier for the user, along with attributes that are unique to their service.
Some federation protocols use different terminology to refer to the service provider role:
The Information Card protocol specification uses the term Relying Party to describe the service provider role. When you configure the Information Card federation using the Tivoli® Federated Identity Manager wizard, you will choose the Service Provider role for your Relying Party.
The OpenID protocol specification uses the term Consumer to describe the service provider role. When you configure the OpenID federation using the Tivoli Federated Identity Manager wizard, you will choose the Service Provider role for your Consumer.
Before installing Tivoli Federated Identity Manager, you will need to know whether you will be the identity provider or the service provider in each of the federations that you will configure. You will also want to understand the point of contact server options for your role.