Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Exostar's Federated Identity Service (FIS) is a comprehensive PKI solution that enables full lifecycle management of certificates, strong authentication practices and controlled access to applications through Exostar's Identity and Access Management (IAM) Platform (formerly known as MAG). FIS minimizes risk and assures resources and intellectual assets are protected over the extended enterprise. Because it is operationally modeled after, and is compliant with CertiPath (the PKI cross-certification bridge) security policies and federal best-practice guidelines, FIS is ideal for enabling sensitive online transactions and secure access to information.

Digital Certificate Types

  • Authentication/Identity:  Digital certificates can be used to prove identity and to allow access to online services (similar to a driver’s license in the non-online world).

  • Signature:  Digital certificates can be used to sign electronic documents, proving data has been authored by an individual and not been tampered with (similar to a wet ink signature and wax seal).
  • Encryption:  Digital certificates can be used to encrypt sensitive data preventing non- authorized parties accessing it (similar to a key to a safe).

Certificate Assurance Levels

Exostar issues certificates with varying assurance (strength) levels.  The strength of a certificate directly corresponds to the level of proof required to obtain a particular certificate and the security used to store the private key associated with the certificate.

  • Basic Level of Assurance (BLOA):  Does not require in-person identity check (no proofing required) and is stored on a user’s hard drive.
  • Medium Level of Assurance (MLOA) Software:  Stronger than BLOA and requires in-person identity check (in-person proofing required) and is stored on a user’s hard drive.
  • Medium Level of Assurance (MLOA) Hardware:  Stronger than MLOA Software and requires in-person identity check (in-person proofing required) and is stored on a USB Security Device (token).

When users download a BLOA Digital Software Certificate, an Identity Certificate is installed to the user’s hard drive. When a user downloads MLOA Digital Certificates, the user has to complete in-person proofing. For MLOA Software Digital Certificates, all three certificate types are installed to a user’s hard drive. For MLOA Hardware Digital Certificate, all three certificate types are installed onto a USB token.

Exostar's Secure Email Service is an end-to-end solution which enables customers to rapidly deploy SecureEmail without infrastructure or technology investments in PKI. The service is supported by Exostar's member-only hosted LDAP proxy to provide certificate look-up for our members and a range of digital certificates.

Exostar LDAP Proxy is designed to automate the process of discovery of end user encryption certificates to support secure email. It is a members-only service.

System Check

To run a system check, please go here.


News and Announcements

Quick Reference

For more detailed information by topic, select from the buttons below to access the applicable content. 

Rollover Image Link
imageget started.png
pageFederated Identity Service (FIS)
Rollover Image Link
pageFederated Identity Service (FIS)
Rollover Image Link
pageFederated Identity Service (FIS)
Rollover Image Link
pageFederated Identity Service (FIS)
Rollover Image Link
pageFederated Identity Service (FIS)





  • Accelerates deployments with open, standards-based protocols and certificate policies that enable identities/entitlements to be shared across systems/domains.
  • Assures identity validity via integrated, multi-layered security and authentication practices.
  • Meets critical technical and regulatory requirements.
  • Encourages rapid adoption of PKI-enabled services by partners, customers and suppliers through seamless interoperability with Intranets, Extranets and VPNs.

Roles and Responsibilities

Authorized Officer: Executor of the contract and designator of the FIS Administrator.

FIS Administrator: This role is the same thing as an Application Administrator, just for the FIS application in particular. The FIS Administrator manages FIS-related activities for users within their organization. For more information, see the FIS Administrator Responsibilities page.