The majority of user authentication schemes today still use userid and password. The burden to users of managing large numbers of userids and passwords has led to proposals for Federated Identity systems, where a single set of credentials can be used to authenticate with several organisations, which have agreed to work together as a federation. An additional problem is the ease of capturing userid/password credentials, but this will not be further considered in this paper. Identity Management requirements in the digital world are well researched, and many solutions are available in today’s marketplace. This paper does not aim to review or validate the existing body of wisdom on requirements that are common to this general topic1, or to assess the relative merits of specific solutions. Our focus in this paper is those aspects of Identity Management which have significance in de-perimeterised environments. Core to this focus is Federated Identity. The Federated Identity approach has been proposed for business-to-business service provision for employees, where one organisation manages the user credentials and authorisation to systems run by the other organisation.