With the emergence of many different application systems, federation has become a must in recent information construction. Governments, colleges and enterprises that run many information systems face a major identity management problem once a federation is established. The situation is made worse by Internet security threats, because identity information has to be transferred in order to authenticate and authorize users. In this paper we propose an organization-oriented model of federation identity management. Aiming to simplify the identity management process, we consider both application users and operating system users and design a unified user attribute structure. To fit an organization's hierarchical framework, our design should be realized in LDAP, which is well suited to hierarchical structures. We also propose a solution for implementing the model in a federation setting. Part of the model has been realized in an actual identity authentication system.