Goals 

Intended audience

  • GA members or people mandated by them

Date/Time

Introduction

The birth of ... inter-National identity federations (in the ... Research and Education sectors)

  • The first identity federations were built by National Research and Education Network (NREN) managers, primarily to enable their users to access and share online resources. In most cases, this approach was used to enable university teachers and students to access National library resources. In other cases, it enabled e-learning resources to be shared between collaborating teams in different universities within one country. This revolutionary change happened, quietly, in the first decade of our present millennium.
  • It was clear (to NREN managers) from the outset that these National identity federations would grow and become interconnected on a global basis, as National teams sought to share their resources and collaborate with their international peers.
    • National federation operators responded by settling on common standards, or establishing new ones where needed.
    • Existing organisational structures were used, and extended, to host such coordination work, e.g. the predecessor organisation of GÉANT: Terena and friends.

The industry response

  • The de-facto protocols for managing a user's access to their organisation's services and applications were directory protocols, of which Lightweight Directory Access Protocol (LDAP) was the most dominant one. This approach works reasonably well within a single organisation context, but not when crossing organisational borders, let alone expanding across National federations.
  • The emerging OASIS standard, Security Assertion Markup Language (SAML), was not yet adopted, but looked very promising for solving the federation, and inter-federation, problems. International teams that spanned National Research and Education Networks (NRENs) became the biggest early adopters of SAML and the drivers of further development of the standard.
  • Market adoption of the SAML standard grew, primarily because it supported "extranet use cases" where network managers could link between partner companies on a bilateral basis. SAML became an additional option in many commercial Identity and Access Management (IAM) products.
  • But the usage scenario of the global research and education sector remained unique. WHY???
  • The community was therefore left alone with the effort to push the development of the inter-federation tooling required to support its usage scenario, with its global users and teams, Shibboleth and SimpleSAMLphp being the most important workhorses. Not that we wanted to, but we had to.

The establishment of ... International Federation services and their governance

...

The lack of industry uptake requires the NREN communities to take several aspects of common services and governance into their own hands:

  • driving the further development of the underlying protocols: engaging in the relevant industry standards bodies
  • driving the further development of the tooling: setting up consortia, e.g. the Shibboleth Consortium and fundraising options for Shibboleth as well as SimpleSAMLphp
  • standardisation and profiling work for the data being exchanged
  • setting up metadata exchange clearing houses
  • transparency and quality assurance frameworks

...

  • Cost and efficiency:
  • Extending relevance and reach with stronger cross-sectorial scope:
  • Leveraging the experience of two decades of "interfederation":

Risks

  • "ontopiness": how to reduce it?

Our options

Call for action