The briefing document

Introduction

The first identity federations were built by NRENs primarily to organise access to shared resources, in most cases to organise access by university affiliates to national library resources, in other cases to shared e-learning resources between collaborating universities within national boundaries. This happened in the first decade of our present millennium.
It was clear from the outset that these identity federations will need to be interconnected soon:
- The federation operators were trying to settle on common standards, or to establish such standards where needed.
- Well-established structures were used - and extended - to host such coordination work: the predecessor organisation of GÉANT: Terena and friends

The de-facto standards for linking commercial products to IAM services were directory protocols, of which LDAP was the most dominant one. This works reasonably well in a single organisation context, but not when crossing organisational borders, let a lone crossing federations.
The emerging OASIS standard SAML was not yet adopted yet, but looked very promising for solving the federation and interfederation problem. The international NREN community became the biggest early adopter of SAML and driver for subsequent further development of the standard.
Market adoption of SAML grew, because it supported "extranet use cases" where companies started to link with partner companies on a bilateral basis. SAML became an additional option in many commercial products to link with IAM systems.
But the usage scenario of the global research and education sector remained unique.
The community was therefore let alone with the effort to push the development of the interfederation tooling required to support its usage scenario, with Shibboleth and SimpleSAMLphp being the most important work horses. Not that we wanted to, but we had to.

The lack of industry uptake required the NREN community to take several aspects of common services and governance into its own hands:

driving the further development of the underlying protocols: engaging in the relevant industry standards bodies
driving the further development of the tooling: setting up consortia, e.g. the Shibboleth Consortium and fundraising options for Shibboleth as well as SimpleSAMLphp
standardisation and profiling work for the data being exchanged
setting up metadata exchange clearing houses
transparency and quality assurance frameworks

The eIDAS v2 regulatory framework and associated services might develop into a game changer in several aspects:

eIDs: They are already available in some member states, but will become so in all member states and also become much more accessible, also in cross-border scenarios
- This makes onboarding processes in our community much easier
- But the overall impact is rather limited, as the eIDs usually cannot generally be used for authentication outside of e-government services
The eID ecosystem: consisting of wallets, credentials, attestations and a supporting trust framework service providers can link into
- The promises of the eID ecosystem are covering a fair part of what our identity interfederations deliver to us already or ones we:
  - less dependencies on intermediaries, better data protection, improved self-sovereignty, and most importantly: cross-sectorial use
- The cross-sectorial use may become a real game changer:
  - We are well organised to take governance decisions as a community for the national, regional and global research and education community. Consultation and standardisation structures are in place and working well. We have an established sector governance.
  - Next to demonstrably working sector governance we need also recognition beyond our own sector to support cross-sectorial use cases. The following elements are helpful:
    - Following industry and governmental standards and governance structures
    - Trust and assurance proofs, like accreditations and audit reports
    - Anchoring of our governance structure in our highest bodies