In federated identity management, what is a key mechanism that enables trust between organizations?

Multiple Choice

Explanation:
Security assertions are the mechanism that enables trust between organizations in federated identity management. An identity provider issues a signed assertion that vouches for a user’s identity and, optionally, attributes. The service provider, which relies on that external identity, trusts the assertion because it’s signed by a known, trusted issuer and accompanied by federation metadata that both parties understand. This trusted statement allows seamless cross-domain authentication (single sign-on) without requiring direct access to each other's user databases, and it protects integrity and authenticity through digital signatures. In this framework, the assertion (the signed claim about who the user is and what they’re allowed to do) is the fundamental building block that links identities across organizations. Querying identity databases would bypass the federated trust model, and while sending authentication assertions is part of the process, the essential concept is the use of secure, trusted assertions.
