Page tree

Federated Identity Service (FIS) Overview


Exostar's Federated Identity Service (FIS) is a comprehensive PKI solution that enables full lifecycle management of certificates, strong authentication practices and controlled access to applications through Exostar's Managed Access Gateway (MAG) platform.  FIS minimizes risk and assures resources and intellectual assets are protected over the extended enterprise.  Because it is operationally modeled after, and is compliant with CertiPath (the PKI cross-certification bridge) security policies and federal best-practice guidelines, FIS is ideal for enabling sensitive online transactions and secure access to information.

Certificate Types

  •  Authentication/Identity:  Digital certificates can be used to prove identity and to allow access to online services (similar to a driver’s license in the non-online world).

  •  Signature:  Digital certificates can be used to sign electronic documents, proving data has been authored by an individual and not been tampered with (similar to a wet ink signature   and wax seal).
  •  Encryption:  Digital certificates can be used to encrypt sensitive data preventing non- authorized parties accessing it (similar to a key to a safe).

Assurance Levels

Exostar issues certificates with varying assurance (strength) levels.  The strength of a certificate directly corresponds to the level of proof required to obtain a particular certificate and the security used to store the private key associated with the certificate.


  • When a user downloads a BLOA Digital Software Certificate, an Identity Certificate is installed to the user’s hard drive. 
  • When a user downloads MLOA Digital Certificates, the user has to complete in-person proofing. 
  • For MLOA Software Digital Certificates, all three certificate types are installed to a user’s hard drive. 
  • For MLOA Hardware Digital Certificate, all three certificate types are installed onto a USB token.

Exostar's Secure Email Service is an end-to-end solution which enables customers to rapidly deploy SecureEmail without infrastructure or technology investments in PKI.  The service is supported by Exostar's member-only hosted LDAP proxy to provide certificate look-up for our members and a range of digital certificates.

Exostar LDAP Proxy is designed to automate the process of discovery of end user encryption certificates to support secure email.  It is a members-only service.

Click the arrows below to read further about the overall FIS BLOA and MLOA processes, benefits, and roles available to users.

Please select the images to enlarge:



  • Accelerates deployments with open, standards-based protocols and certificate policies that enable identities/entitlements to be shared across systems/domains.
  • Assures identity validity via integrated, multi-layered security and authentication practices.
  • Meets critical technical and regulatory requirements.
  • Encourages rapid adoption of PKI-enabled services by partners, customers and suppliers through seamless interoperability with Intranets, Extranets and VPNs.

Authorized Officer:  Executor of the contract and designator of the FIS Administrator.

FIS Administrator:  This role is the same thing as an Application Administrator, just for the FIS application in particular.  The FIS Administrator manages FIS-related activities for users within their organization.  For more information, see the FIS Administrator Responsibilities page.

How useful was this content?

Your Rating: Results: 1 Star 2 Star 3 Star 4 Star 5 Star 28 rates

News and