In FIG. 8, a diagram of identity policies 800 is shown, according to an example embodiment. Identity policies 800 include a trust framework based identity policy 802 (“policy” 802), a customer/tenant base identity policy 804 (“policy” 804), and a customer/tenant application identity policy 806 (“policy” 806). As shown, policy 806 corresponds to a specific application of an application service provider (e.g., a customer or a tenant) and is modified/extended from policy 804. An application service provider may have one or more of policy 806 for different applications. Policy 806 may be authored by providers of the IEF, as described herein, and/or by administrators of the application service provider, and may be referred to as a relying party policy. In embodiments, policy 806 may specify the exact user journey, token semantics with respect to identity claims, and a token lifetime, as well as configure the verification UI page customizations.
Policy 804 corresponds to a specific application service provider (e.g., a customer or a tenant) and is modified/extended from policy 802. Policy 804 may serve as a base policy for any number of applications of the application service provider, and in embodiments, an application service provider (e.g., a customer or a tenant) may have a single policy 804. Policy 804 may be authored by providers of the IEF, as described herein, and/or by administrators of the application service provider. For instance, policy 804 may be modified/extended from policy 802 to include instantiations of specific social network IdP metadata and/or user attributes, as well as the relying party policies that are invoked by a relying party.
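The three-layer extension chain of FIG. 8 (policy 802, extended by policy 804, extended by policy 806), as an added sketch that is not part of the original text and not the IEF's own code. The field names (`base`, `idps`, `claims`, `user_journey`, `token_lifetime_s`), the override-by-key merge rule and the sample values are assumptions made for illustration.

```python
# Added illustration: resolve an effective identity policy through its base chain.
# Field names and merge semantics are assumptions, not taken from the IEF.
POLICIES = {  # constructed sample data
    "policy_802": {"base": None, "claims": ["sub"], "token_lifetime_s": 3600},
    "policy_804": {"base": "policy_802",
                   "idps": {"social-idp": {"metadata_url": "https://idp.example/metadata"}},
                   "claims": ["sub", "email"]},
    "policy_806": {"base": "policy_804", "user_journey": "sign_up_or_sign_in",
                   "claims": ["sub", "email", "display_name"], "token_lifetime_s": 900},
}

def chain(name, policies):
    """Return policy names ordered root base first, rejecting cycles and unknown bases."""
    seen = []
    while name is not None:
        if name in seen:
            raise ValueError(f"inheritance cycle at {name}")
        if name not in policies:
            raise KeyError(f"unknown base policy {name}")
        seen.append(name)
        name = policies[name].get("base")
    return list(reversed(seen))

def merge(base, override):
    """Later layers win; nested dicts (e.g. IdP metadata) are merged key by key."""
    out = dict(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], value)
        else:
            out[key] = value
    return out

def resolve(name, policies):
    """Fold every layer of the chain into one effective policy."""
    effective = {}
    for layer in chain(name, policies):
        body = {k: v for k, v in policies[layer].items() if k != "base"}
        effective = merge(effective, body)
    return effective

def missing_relying_party_fields(effective):
    """List what a relying party policy still lacks: journey, claims, token lifetime."""
    required = ("user_journey", "claims", "token_lifetime_s")
    return [k for k in required if k not in effective]

if __name__ == "__main__":
    print(resolve("policy_806", POLICIES))
```

Resolving policy 804 on its own leaves `user_journey` missing, which is a useful deployment check that only an application-level policy is exposed to a relying party.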