...

OpenID Federation shares many concepts with the existing SAML-based federations currently deployed in R&E. The basic entities (OP, RP and trusted third parties like TA or IA) and the interactions between them can all be represented in OpenID Federation in much the same way as they exist in a SAML R&E federation.

  • Entity Category: Grouping of entities is typically done via a:
    • Trust Anchor or an Intermediate. All entities with similar behaviour are members of the same intermediate (or trust anchor).
    • Trust Mark could also be used. A trust mark is created by a trust mark owner (
      • A Trust Mark may be self-issued.
  • Entity Attribute: Signalling assurance certifications is done using so-called Trust Marks.
  • Profiles: Signalling certain behaviour as part of a transaction is generally covered in the underlying standards, such as OpenID Connect and OAuth2. The capability for signalling is often available; however, the semantics may need to be adopted.
  • Metadata Extension: Providing an extension to existing metadata profiles is allowed in the OpenID Federation specification. For broad acceptance and implementation of an extension, it may be necessary to engage with the OpenID Foundation, e.g. via the RandE working group.
  • Frameworks: These are currently basically assurance frameworks, which provide a structured means of describing or defining the main sources of assurance provided within the federation by the member entities or the federation itself.

...