When your identity provider goes down, your applications don’t fail — access does.
- Users can’t log in
- Cross-organisation collaboration breaks
- Mobile devices lose sessions
- Critical services stop — even though they’re still running
MIF exists to prevent that.
Multi Identity Framework (MIF) is an open architectural framework for:
- identity continuity
- multi-provider federation
- controlled fallback
- policy-driven resilience
Instead of applications trusting a single identity provider directly, they trust a control layer that can:
- integrate multiple identity sources
- issue its own trust tokens
- survive upstream outages
- enforce fallback rules safely
[ Applications ]
↓
[ MIF (Control Plane) ]
↓
[ Entra | Google | eID | Local Identity ]
Applications trust MIF MIF orchestrates identity across providers
Modern systems are increasingly dependent on a small number of identity providers.
This creates:
- ❌ single points of failure
- ❌ vendor lock-in
- ❌ fragile cross-org federation
- ❌ no safe degraded mode
When identity fails — everything above it fails.
- Multi-provider identity federation
- Identity abstraction for applications
- Controlled fallback during outages
- Signed, time-bound identity continuity
- Policy-based access under degraded conditions
- Full auditability of identity decisions
- ❌ Not a replacement for Entra / Google / Okta
- ❌ Not a universal identity database
- ❌ Not a “single identity authority”
- ❌ Not a surveillance system
MIF is a control plane, not an identity monopoly.
- Increasing reliance on cloud identity platforms
- Real-world outages impacting access (not systems)
- Cross-organisation identity fragility
- Regulatory and sovereignty concerns
- Growing need for operational resilience
A service depends on a cloud identity provider.
A federation issue occurs.
- Users cannot authenticate
- Systems remain operational
- Services become inaccessible
With MIF:
- Identity can be validated via alternate provider or snapshot
- Access continues in controlled degraded mode
- High-risk actions remain restricted
Multiple upstream providers:
- Enterprise (Entra, Google, Okta)
- National identity (eID, tax systems)
- Local directories
Signed, time-bound identity states used for continuity.
Not a cache — a controlled fallback artifact.
Explicit operating states:
- Normal
- Degraded
- Partitioned federation
- Emergency continuity
Controls:
- what fallback is allowed
- for how long
- for which systems
- under what assurance level
MIF can start small.
Example:
- Keycloak / Authentik as federation layer
- 2 identity providers (e.g. Entra + local)
- Snapshot service
- Policy engine
- One application trusting MIF
Simulate provider outage → observe continuity behaviour
mif/
├─ docs/
├─ schemas/
├─ examples/
├─ prototype/
└─ README.md
Identity is becoming the hidden dependency behind everything:
- communication
- collaboration
- public services
- enterprise systems
When identity breaks, everything appears broken.
MIF introduces:
continuity without abandoning existing identity providers
This is an open discussion.
Looking for input on:
- architecture
- threat model
- trust model
- governance concerns
- privacy implications
- real-world applicability
MIF is an open framework for resilient, policy-governed identity continuity across multiple identity providers.
Early-stage concept and draft specification.
Issues, discussions, and critiques are welcome.
Especially from:
- identity engineers
- security architects
- public-sector technologists
- anyone who has experienced identity outages
Multi Identity Framework