A(nother) view on federation issues

Has become common place And federations are (or soon will be) in bloom The F... word Has become common place And not only in AC space And federations are (or soon will be) in bloom This raises/reformulates additional issues Reconciling base technologies Agreeing on trust mechanisms Aligning on schemas Reaching applications Coordinating metadata

SAML is the commonly agreed lingua franca for identity data exchange The L... word SAML is the commonly agreed lingua franca for identity data exchange But unconquered kingdoms exist Most of the Grid territory BS infrastructures MS and its strategy WS are still most unexplored Rebellions arise Lightweight identity protocols And even civil wars Migration paths from 1.1 to 2.0

Moving towards conformance In the protocol and profile forest, conformance must be at least assessed Reference implementations Testing facilities Practical, hybrid approaches deserve to be explored Identify minimal properties to be preserved Let it happen

But it is not clear whether infrastructure should follow the two above The T... word Another common understanding is the use of public key techniques in building trust But it is not clear whether infrastructure should follow the two above Current federation software uses different kind of metadata structures to exchange public keys But this poses maintenance problems And many existing federations are based on PKI But convergence seems the only path

Possibilities to merge Merging the two paths Possibilities to merge Extensions can include references to Attribute Authorities X.509 certificate <=> SAML AuthN assertion X.509 AC <=> SAML Attr assertion Pieces are already around And approaches like PMAs and TACAR can play a key role

Schemas constitute the core of federation data exchange The D... word Schemas constitute the core of federation data exchange But even the simplest agreement is lengthy and complicated Even inside relatively small, tightly coupled groups And recurrent discussions about the nature of data arise New communities always try to bring their own parlance And privacy constraints must be stated once again

Concentrate on data usage Getting out of the cave Concentrate on data usage The common entitlement value for general license access in ShibEnable Decouple attributes the SCHAC way From specific ontologies From local dialectal forms Do not fear some redundancy As long as a canonical representation exists

We are still far for reaching even half of the current applications The A... word We are still far for reaching even half of the current applications Talking just about the Web-based ones And there is a lot of dark matter around there Simply legacy I-do-it-my-way-and-no-other-possible Commercial providers not willing to risk And a great number of non-Web natural niches To be filled asap

Keys for pervasiveness Try to keep as close to applications as possible Speaking their own language Try to go beyond the Web cage Keeping usability Exploring WS is specially relevant Pave the migration way A mixed solution is far better than no solution Proxy when no other choice exists

A federation is defined by its metadata The C... word A federation is defined by its metadata Metadata distribution is a key issue And directly related to the trust establishment process Current methods simply do not scale Growth requires additional features Dynamic publication Location Service composition And many potential metadata is still in an implicit state Another case of middleware dark matter

Making interoperation possible Metadata distribution is essential Repositories and location protocols Registries and naming schemas Gatewaying and proxying are going to stay for a long time To reach all the moving targets around And policies are still to be defined Many things to think about As we are still at the very beginning