All identity management consists of two fundamental processes:

1) identification -- that is, identifying individuals by assigning attributes to them that are relevant for a given purpose, such as name, age, address, account number, credit history, gender, or photo; and

2) authentication -- i.e., later verifying online that someone claiming to be a previously identified person is, in fact, that person.

The key difference with a federated model is that at least three roles are involved:

1) subjects -- i.e., the persons being identified;

2) the identity provider, the entity that identifies the subjects and makes an assertion regarding their identity to third parties; and

3) the relying parties -- the third parties that rely on those identity assertions for the purpose of granting subjects access to the services or resources they provide.

This allows one organization to rely on identity assertions coming from a separate organization.

A familiar offline example of the federated model can be seen when a TSA agent at an airport (a relying party) relies on the identity assertion regarding the name of a subject contained in a driver's license issued by a state (an identity provider) to determine whether to allow the subject into the boarding area.
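The three roles can be sketched in code: an identity provider signs an assertion about a subject, and a relying party checks the issuer, signature, audience and expiry before granting access. This is an added example, not part of the original text; the URLs, key and function names are constructed, and HMAC-SHA256 stands in for the provider's signature as an assumption (deployed federation protocols typically use asymmetric signatures).

```python
import base64, hashlib, hmac, json

# Constructed issuer and key. HMAC-SHA256 stands in for the provider's signature so
# the example needs only the standard library; a shared key is an assumption made here.
IDP = "https://idp.example"
TRUSTED_ISSUERS = {IDP: b"constructed-demo-key"}

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_assertion(issuer, key, subject, attributes, audience, now, ttl=300):
    """Identity provider: assert a subject's attributes to one relying party."""
    claims = {"iss": issuer, "sub": subject, "attrs": attributes,
              "aud": audience, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    return _b64(body) + "." + _b64(hmac.new(key, body, hashlib.sha256).digest())

def verify_assertion(token, trusted_issuers, audience, now):
    """Relying party: return the claims, or raise ValueError naming the failed check."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(body)
    except ValueError:
        raise ValueError("malformed assertion")
    issuer = claims.get("iss") if isinstance(claims, dict) else None
    key = trusted_issuers.get(issuer) if isinstance(issuer, str) else None
    if key is None:                       # only providers this party has chosen to trust
        raise ValueError("untrusted issuer")
    if not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("bad signature")  # claims altered, or not signed by that provider
    if claims.get("aud") != audience:     # assertion was made to a different relying party
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims

def rp_decision(token, audience, now):
    """Relying party's access decision: 'grant:<subject>' or 'deny:<reason>'."""
    try:
        return "grant:" + verify_assertion(token, TRUSTED_ISSUERS, audience, now)["sub"]
    except ValueError as err:
        return "deny:" + str(err)

if __name__ == "__main__":
    t = issue_assertion(IDP, TRUSTED_ISSUERS[IDP], "alice", {"name": "Alice Example"},
                        "https://rp.example", now=1000)
    print(rp_decision(t, "https://rp.example", now=1100))     # within validity
    print(rp_decision(t, "https://other.example", now=1100))  # presented to another party
```

The relying party never identifies the subject itself; every check it performs is about whether the assertion is one it should rely on.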