
FPX Overview

The IDENTOS Federated Privacy Exchange (FPX) network was built to put people in control of their privacy and reduce silos for a connected online experience. FPX is a next-generation Identity and Access Management (IAM) technology platform, providing digital authentication, authorization, and governance to enable trusted ecosystems and complex integrations across a jurisdiction, not just inside an enterprise. Enabled by, and extending, User-Managed Access (UMA) 2.0, FPX allows users to control the flow of their data between trusted partners, while partners gain value by easily joining and gaining access to ecosystems of users, data stores, and services.

FPX Value Proposition

  • Security: Reduce honeypots of user data and leverage open standards to provide security by design, not security by obscurity.
  • Confidential data blinding: Ensure only the components involved in sharing user data ever see it.
  • Strong governance built in: Only approved partners can join the network and they can only request and share data approved by the network administrators.
  • Simplified connections: Clients can request general data types and allow the user to select the appropriate data sources to provide each data type, increasing flexibility and decreasing tight coupling between Clients and Resource Servers.
  • User controlled sharing: Users are at the center of the FPX network. User data is not shared without their explicit, auditable consent.

What do I need to run and administer an FPX Network?

  • An Authorization Server to connect Partners and control their access to the network.

  • An Authorization Admin Server to configure the Authorization Server and govern the network.

  • A Wallet Server to act on behalf of end-users.

  • A connection to a Resource Server that holds user records and delivers them at the Client's request once all required identity and scope validation checks have passed.

  • A Client that will request protected/secure resources from the Resource Server on the user’s behalf once authorized to do so by the resource owner (user).