0

In the context of Identity and Access Management, is my understanding that Trust is between directory services and Federation is between IdP servers correct?

I have also come across terms that are specific to each, for example Transitive Trust (but not Transitive Federation) and Federated Service Provider.

aquaman
  • 73
  • 5

1 Answer

2

To briefly answer your question, in order for Federated Identity Management to work, a trust must exist between SPs and IdPs.

Federated Identity Management separates account management from the service itself. Identity Providers (IdPs) act as the source of identity and account information for a user. That information can then be re-used across all services so that a user only has to remember one account name and password and SPs no longer need to spend time on account management. As I said, the SPs and IdPs have to trust each other for this approach to work. Typically this trust is made explicit by signing policies and contracts that describe the requirements and responsibilities of the IdPs and SPs. An Identity Federation is a collection of IdPs and SPs that have agreed to work together and trust each other.

Next to the trust, policies and contracts, there needs to be agreement on how to communicate identity information between IdPs and SPs. Almost all Federated Identity Management systems currently use the SAML 2.0 protocol (Security Assertion Markup Language v2.0) to achieve this. An overview of a SAML login flow is shown below.

Note: You should stop using the term Federation as it implies something completely unrelated and can be misleading.

Overmind
  • 8,779
  • 3
  • 19
  • 28
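The answer's central point, that an SP only accepts identity information from IdPs it has explicitly federated with, can be made concrete with the checks an SP performs on an incoming assertion. The following is an added illustration, not code from the answer above or from any SAML library: the SP holds a small "federation metadata" registry of trusted IdP entityIDs and their signing keys, and rejects any assertion whose issuer is not in that registry, whose signature does not verify under that issuer's key, whose audience is a different SP, or which has expired. To keep it runnable with the standard library, an HMAC over a canonical JSON form stands in for the XML signature and X.509 certificate that real SAML 2.0 uses; the entityIDs, keys and subject names are constructed values.

```python
import hashlib
import hmac
import json
import time

# Constructed federation metadata for one SP. In a real deployment this is the
# SAML metadata exchanged when the SP joins a federation, and the value would be
# the IdP's X.509 signing certificate rather than an HMAC secret (hypothetical).
SP_ENTITY_ID = "https://sp.example.org/saml"
TRUSTED_IDPS = {
    "https://idp.example.edu/saml": b"constructed-idp-example-edu-key",
}


def _canonical(body):
    """Deterministic byte form of the assertion fields that are signed."""
    return json.dumps(body, sort_keys=True).encode()


def sign_assertion(idp_entity_id, idp_key, subject, audience, lifetime_s=300, now=None):
    """IdP side: issue an assertion about `subject` for the SP named in `audience`.

    The IdP signs the assertion so the SP can later prove it came from this IdP
    and was not altered in transit (HMAC stands in for XML-DSig here).
    """
    now = time.time() if now is None else now
    assertion = {
        "Issuer": idp_entity_id,
        "Subject": subject,
        "Audience": audience,
        "IssueInstant": now,
        "NotOnOrAfter": now + lifetime_s,
    }
    assertion["Signature"] = hmac.new(idp_key, _canonical(assertion), hashlib.sha256).hexdigest()
    return assertion


def validate_assertion(assertion, trusted_idps=TRUSTED_IDPS, sp_entity_id=SP_ENTITY_ID, now=None):
    """SP side: return (accepted, subject_or_reason).

    Order of checks mirrors what an SP must establish before trusting the
    identity: is the issuer a federation member, is the signature theirs, was
    the assertion meant for this SP, and is it still within its validity window.
    """
    now = time.time() if now is None else now

    issuer = assertion.get("Issuer")
    key = trusted_idps.get(issuer)
    if key is None:
        # Trust is explicit: an IdP outside the federation gets no say, however
        # well-formed its assertion looks.
        return False, "issuer not in federation metadata"

    body = {k: v for k, v in assertion.items() if k != "Signature"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(assertion.get("Signature", ""))):
        return False, "signature does not verify under the issuer's key"

    if assertion.get("Audience") != sp_entity_id:
        # A valid assertion issued for another SP must not be replayed here.
        return False, "assertion was issued for a different SP"

    if now >= assertion.get("NotOnOrAfter", 0):
        return False, "assertion expired"

    return True, assertion["Subject"]


def demo():
    """Run the SP checks against a trusted, an untrusted and a tampered assertion."""
    t0 = 1_700_000_000.0  # fixed clock so the run is reproducible
    good = sign_assertion("https://idp.example.edu/saml", TRUSTED_IDPS["https://idp.example.edu/saml"],
                          "alice", SP_ENTITY_ID, now=t0)
    rogue = sign_assertion("https://idp.rogue.example/saml", b"constructed-rogue-key",
                           "alice", SP_ENTITY_ID, now=t0)
    tampered = dict(good, Subject="admin")  # signature no longer matches the body
    return {
        "trusted": validate_assertion(good, now=t0),
        "untrusted_idp": validate_assertion(rogue, now=t0),
        "tampered": validate_assertion(tampered, now=t0),
        "expired": validate_assertion(good, now=t0 + 3600),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The registry lookup is the "trust" the answer talks about, and the signature, audience and time checks are what SAML 2.0 adds on top so that a trusted IdP's statements cannot be forged, redirected to another SP, or replayed later.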