Embodiments of the present invention provide a circle of trust on a
network. The circle of trust is configured by exchanging the credentials
of a first and a second affiliated entity. The credentials of the first
affiliated entity are stored in a trusted partner list of the second
affiliated entity. The credentials of the second affiliated entity are
stored in a trusted partner list of the first affiliated entity.
Thereafter, a circle of trust session may be provided when a client
device initiates use of a resource on a relying party device by providing
an authentication assertion reference. The identity of the issuing party
of the authentication is determined as a function of the authentication
assertion reference. The relying party sends an authentication query
containing its credential to the issuing party. The issuing party
determines if the relying party is a trusted entity based upon whether
the relying party's credential is contained in the trusted partner list
of the issuing party.
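
The flow described above, sketched as an added example that is not taken from the patent: two entities exchange credentials, and the issuing party releases an assertion only to a requester whose credential is in its trusted partner list. The class and function names, the `issuer:handle` reference layout, the string credentials, and the single-use handling of references are all assumptions made for illustration.

```python
import hmac
import secrets

class Entity:
    """An affiliated entity; can act as issuing party or relying party."""
    def __init__(self, name, credential):
        self.name = name
        self.credential = credential   # constructed opaque value, stands in for a certificate
        self.trusted_partners = {}     # partner name -> partner credential
        self._assertions = {}          # handle -> authenticated subject

    def issue_reference(self, subject):
        # Issuing party: record the assertion, return a reference to it.
        handle = secrets.token_hex(16)
        self._assertions[handle] = subject
        return f"{self.name}:{handle}"  # assumed layout: issuer id + random handle

    def answer_query(self, requester, credential, reference):
        # Issuing party: release the assertion only to a listed partner.
        expected = self.trusted_partners.get(requester)
        if expected is None or not hmac.compare_digest(expected.encode(), credential.encode()):
            return None                # requester is not in the trusted partner list
        issuer, _, handle = reference.partition(":")
        if issuer != self.name:
            return None
        return self._assertions.pop(handle, None)  # assumption: a reference is single use

    def accept_reference(self, reference, directory):
        # Relying party: derive the issuer from the reference, then query it.
        issuer = directory.get(reference.partition(":")[0])
        if issuer is None or issuer.name not in self.trusted_partners:
            return None                # issuer unknown or outside the circle
        return issuer.answer_query(self.name, self.credential, reference)

def configure_circle(a, b):
    # Credential exchange: each side stores the other's credential.
    a.trusted_partners[b.name] = b.credential
    b.trusted_partners[a.name] = a.credential

def demo():
    # Constructed entities: "idp" issues, "shop" relies, "rogue" is not a partner.
    idp, shop, rogue = (Entity(n, f"cred-{n}") for n in ("idp", "shop", "rogue"))
    configure_circle(idp, shop)
    directory = {e.name: e for e in (idp, shop, rogue)}
    ref = idp.issue_reference("alice")
    denied = idp.answer_query(rogue.name, rogue.credential, ref)
    granted = shop.accept_reference(ref, directory)
    replayed = shop.accept_reference(ref, directory)
    return denied, granted, replayed
```

The refused query from the unlisted entity leaves the assertion in place, so the legitimate relying party can still redeem the reference afterwards.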