Identity federations here and now

Identity Federations: Here and Now. David L. Wasley Thomas Lenggenhager Peter Alterman John Krienke. Agenda. Brief Federation overview Higher Ed & Research federations in Europe US Federal eAuthentication federation InCommon: the US Higher Ed federation Inter-federation Q&A .


Identity Federations: Here and Now

David L. Wasley

Thomas Lenggenhager

Peter Alterman

John Krienke


Agenda

  • Brief Federation overview

  • Higher Ed & Research federations in Europe

  • US Federal eAuthentication federation

  • InCommon: the US Higher Ed federation

  • Inter-federation

  • Q&A


  • Otherwise independent entities that give up a certain degree of autonomy in order to achieve a common set of goals.

  • Working together requires

    • Common way to express meaning

    • Agreed upon ways to convey information

    • Acceptable governance and trust models

Identity Federations

  • Authenticate locally

    • Campus or other Identity Service Provider

  • IdP provides trustworthy needed identity information to Resource Providers

    • Part of access management decision

  • Trust established through Federation Operator by means of standards, rules, and participation agreements

Federations and Trust

  • Requires common IdP and RP practices

  • Federation governance roles include

    • Establishing the rules

    • Overseeing adherence

  • Degrees of trust may be inherent/useful

    • Allows flexibility in IdP and RP services

  • What happens when trust is violated?

    • Liability and indemnification

Not all Federations are the same ...

  • Identity federations may have different rules or constraints on identity release

    • For example in Europe ...

  • Some may choose to offer on-line services as well, or hold contracts for resources on behalf of members

  • Some are for specific business purposes or industries, etc.

Linking Federations

  • How can federations interoperate?

  • Information models must be compatible

    • Conversion may be difficult

  • Communication protocols

    • Gateways are hard

    • and may break trust models

  • Governance and trust models

    • Must be equivalent at some level

Governance & Linking Federations

  • Governance sets community standards

    • May need to enhance or redefine somewhat

  • Must uphold inter-federation agreement

    • Responsible for trust between federations

    • May require stronger role within federation

    • May affect existing participation agreements

    • May incur new liabilities, etc.

  • Federation services might not interoperate

Linking InCommon and eAuthentication

  • Higher Ed is an important community for many Federal agency applications

    • Both have federations in place

    • Have been working together for ~ a year

  • Compatible technology

  • Similar identity attributes

    • InCommon has richer set

    • InCommon includes privacy protections

Linking InCommon and eAuthentication ...

  • Trust issues

    • eAuth defines 4 levels of identity assurance

    • InCommon allows ‘best effort’

      • will need to define at least one compatible LOA

    • Privacy . . .

  • Operational issues

    • Will need to include LOA in identity assertions

    • Will need to tag metadata, etc...

Linking InCommon and eAuthentication ...

  • Where we are now

    • Draft Memorandum of Agreement

    • Draft “InCommon Bronze” requirements

      • Based on eAuth Level 1

      • Three campuses already known to qualify

    • Working on inter-federation assessment

  • Goal

    • Interoperability by Fall of this year