Diego R. Lopez Middleware & identity Along the winding way.


1 Diego R. Lopez Middleware & identity Along the winding way

2 Becoming common place
- Identity management is part of normal current IT jargon
  - And not only in the AC space
- And identity solutions are (or soon will be) in bloom
- This raises/reformulates additional issues
  - Reconciling base technologies
  - Agreeing on trust mechanisms
  - Aligning on schemas
  - Scaling in several directions
  - Reaching applications
  - Coordinating metadata

3 The Babel curse
- SAML is the commonly agreed lingua franca for identity data exchange
- But unconquered kingdoms exist
  - Most of the Grid territory
  - BS (Before SAML) infrastructures
  - WS (Web Services) are still mostly unexplored
- Rebellions (or revolutions?) arise
  - Lightweight identity protocols
- And even civil wars
  - Migration paths from SAML 1.1 to 2.0
- And the Empire strikes back
  - CardSpace
  - Latest announcements from Microsoft and Sun

4 Moving towards conformance
- In the protocol and profile forest, conformance must at least be assessed
  - Reference implementations
  - Testing facilities
  - AA-RR, HelloSAML, testshib.org...
- Practical, hybrid approaches deserve to be explored
  - Identify the minimal properties to be preserved
  - Let it happen

5 In whom we trust
- Trust is the very base of any distributed infrastructure
- A common understanding is the use of public key techniques in building trust
  - But it is not clear whether the infrastructure should follow the two above
- Current software uses different kinds of metadata structures to exchange public keys
  - But this poses maintenance problems
  - And many existing ones are based on PKI
- A long-term recognized need in the community
  - Hence the SCS success

6 Merging the two paths
- Possibilities to merge
  - Extensions can include references to Attribute Authorities
  - X.509 certificate -> SAML AuthN assertion
  - X.509 AC (attribute certificate) -> SAML Attribute assertion
- Pieces are already around
  - In use in several mixed profiles
  - Proposed credential conversion services
  - Including services providing a common ground
    - TACAR
    - Metadata distribution protocols

7 Casting shadows
- Schemas constitute the core of identity data exchange
- But even the simplest agreement is lengthy and complicated
  - Even inside relatively small, tightly coupled groups
- And recurrent discussions about the nature of the data arise
- New communities always try to bring their own parlance
  - And privacy constraints must be stated once again

8 Getting out of the cave
- Embrace and extend
  - inetOrgPerson -> eduPerson -> SCHAC IAD
- Concentrate on data usage
  - The common entitlement value for general license access in ShibEnable
- Decouple attributes the SCHAC way
  - From specific ontologies
  - From local dialectal forms
- Do not fear some redundancy
  - As long as a canonical representation exists
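What "decoupling attributes from local dialectal forms" and "redundancy is fine as long as a canonical representation exists" look like at the service side, as an added example in Python; this is not code from the presentation or from any federation software. The canonical names and urn:oid forms are the published inetOrgPerson, eduPerson and SCHAC attribute identifiers, and urn:mace:dir:entitlement:common-lib-terms is the MACE-Dir common library entitlement value; the short local aliases ("email", "eppn", "affiliation", "homeOrg"), the rule deriving schacHomeOrganization from the eduPersonPrincipalName scope, and the sample input are constructed for this example.

```python
"""Canonicalise identity attributes that arrive in local dialects (added example)."""
from typing import Dict, List, Tuple

# Canonical name -> every form under which a local IdP might ship it.
# The urn:oid forms are the SAML 2.0 attribute names; the bare words are
# constructed local aliases standing in for an institution's own dialect.
ALIASES: Dict[str, List[str]] = {
    "mail": ["mail", "urn:oid:0.9.2342.19200300.100.1.3", "email"],
    "eduPersonPrincipalName": ["eduPersonPrincipalName", "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "eppn"],
    "eduPersonAffiliation": ["eduPersonAffiliation", "urn:oid:1.3.6.1.4.1.5923.1.1.1.1", "affiliation"],
    "eduPersonEntitlement": ["eduPersonEntitlement", "urn:oid:1.3.6.1.4.1.5923.1.1.1.7", "entitlement"],
    "schacHomeOrganization": ["schacHomeOrganization", "urn:oid:1.3.6.1.4.1.25178.1.2.9", "homeOrg"],
}
LOOKUP = {alias.lower(): canon for canon, forms in ALIASES.items() for alias in forms}

# Attributes that must carry exactly one value once redundant copies are merged.
SINGLE_VALUED = {"eduPersonPrincipalName", "schacHomeOrganization"}
# eduPersonAffiliation is a controlled vocabulary; values are case-insensitive.
AFFILIATIONS = {"faculty", "student", "staff", "alum", "member", "affiliate", "employee", "library-walk-in"}
# MACE-Dir common entitlement for licensed library resources.
COMMON_LIB_TERMS = "urn:mace:dir:entitlement:common-lib-terms"


def canonicalise(raw: Dict[str, List[str]]) -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """Map local attribute names onto canonical ones, merging redundant copies.

    Returns (canonical, unmapped). Raises ValueError when redundant copies of a
    single-valued attribute disagree, or when an affiliation is outside the
    controlled vocabulary: silently picking one value would let a misconfigured
    IdP assert an identity or role it did not intend.
    """
    canonical: Dict[str, List[str]] = {}
    unmapped: Dict[str, List[str]] = {}
    for name, values in raw.items():
        canon = LOOKUP.get(name.lower())
        if canon is None:
            unmapped.setdefault(name, []).extend(values)
            continue
        bucket = canonical.setdefault(canon, [])
        for v in values:
            v = v.strip()
            if canon == "eduPersonAffiliation":
                v = v.lower()
                if v not in AFFILIATIONS:
                    raise ValueError(f"unknown affiliation value {v!r}")
            if v and v not in bucket:  # redundancy collapses to a single canonical copy
                bucket.append(v)
    for attr in SINGLE_VALUED:
        if len(canonical.get(attr, [])) > 1:
            raise ValueError(f"conflicting values for {attr}: {canonical[attr]}")
    # Constructed rule for this example: when the home organisation is not
    # asserted, derive it from the eduPersonPrincipalName scope (after the '@').
    if "schacHomeOrganization" not in canonical and canonical.get("eduPersonPrincipalName"):
        eppn = canonical["eduPersonPrincipalName"][0]
        if "@" in eppn:
            canonical["schacHomeOrganization"] = [eppn.rsplit("@", 1)[1].lower()]
    return canonical, unmapped


def may_access_licensed_resource(canonical: Dict[str, List[str]]) -> bool:
    """Concentrate on data usage: the service asks one question of one attribute."""
    return COMMON_LIB_TERMS in canonical.get("eduPersonEntitlement", [])


# Constructed sample: the same person asserted twice, in two dialects.
SAMPLE = {
    "eppn": ["jdoe@example.edu"],
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ["jdoe@example.edu"],  # redundant, identical copy
    "email": ["jdoe@example.edu", "John.Doe@example.edu"],
    "affiliation": ["Staff", "member"],
    "entitlement": [COMMON_LIB_TERMS],
    "localDepartmentCode": ["D-42"],  # unknown dialect: kept aside, never guessed
}

if __name__ == "__main__":
    canon, rest = canonicalise(SAMPLE)
    for k, v in sorted(canon.items()):
        print(f"{k}: {v}")
    print("unmapped:", rest)
    print("licensed access:", may_access_licensed_resource(canon))
```

Unknown local attributes are returned separately rather than guessed at, and a disagreement between two redundant copies of an identifier is an error rather than a coin toss; both are the places where a lenient mapper would quietly widen what the relying party accepts.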

9 Citius, altius, fortius
- It is not only about having a scalable technology
  - Many aspects still need to be exercised
- Scale in formal procedures
  - As the circle grows, must the circumference become thinner?
- Scale in financial terms
  - Investment by individual institutions is essential
- Scale in user support
  - Services are end-to-end and imply at least two parties

10 Friction-free expansion
- Friar William is still right
  - Be flexible
  - Keep things simple
  - Merge P2P and hierarchical models
- Facilitate the institutional migration path
  - Marketing, that's it
  - Make embracing standards as attractive as possible
  - EuroCAMPs and more
- Take advantage of synergies
  - Coordination with other infrastructures
  - Right here, right now

11 Moving targets
- We are still far from reaching even half of the current applications
  - Talking just about the Web-based ones
- And there is a lot of dark matter around there
  - Simply legacy
  - I-do-it-my-way-and-no-other-possible
  - Commercial providers not willing to risk
- And a great number of non-Web natural niches
  - To be filled asap

12 Keys for pervasiveness
- Be as close to applications as possible
  - Speaking their own language
- Go beyond the Web cage
  - Keeping usability
  - Exploring WS is especially relevant
- Provide tools like those at the local level
  - Diagnose
  - Profile
  - Account
  - Provision
- Pave the migration way
  - A mixed solution is far better than no solution
  - Proxy when no other choice exists

13 A sip of their own medicine
- A federation is defined by its metadata
- Metadata distribution is a key issue
  - And directly related to the trust establishment process
  - Current methods simply do not scale
- Growth requires additional features
  - Dynamic publication
  - Location
  - Service composition
- And much potential metadata is still in an implicit state
  - Another case of middleware dark matter

14 Making interoperation possible
- Metadata distribution is essential
  - Repositories and location protocols
  - Registries and naming schemas
- Gatewaying and proxying are going to stay for a long time
  - To reach all the moving targets around
- And policies are still to be defined
- Many things to think about
  - As we are still at the very beginning
- And we have a toy to start playing with
  - First eduGAIN-enabled resources
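The point made on slides 5, 13 and 14, that the federation is its metadata, that the public keys carried in that metadata are what a relying party actually trusts, and that how metadata is distributed bounds how long a stale copy stays trusted, as an added example in Python (standard library only); this is not code from the presentation, from eduGAIN or from any federation software. The SAML 2.0 metadata and XML Signature namespaces, element names and the meaning of the KeyDescriptor `use` attribute are as specified; the metadata document itself is constructed, and its entityIDs, URLs and base64 "certificate" values are placeholders, not real keys.

```python
"""Derive a federation's trust fabric from its SAML metadata (added example)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Dict, List, Optional

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed aggregate: one IdP with signing and encryption keys, one SP.
# The X509Certificate values are placeholder base64, not real certificates.
CONSTRUCTED_METADATA = """<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Name="urn:example:federation" validUntil="2030-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
          UExBQ0VIT0xERVI=
        </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>UExBQ0VIT0xERVIy</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.edu/idp/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


class MetadataError(Exception):
    """Raised when the aggregate cannot be used as a basis for trust."""


def load_aggregate(xml_text: str, now: Optional[datetime] = None) -> ET.Element:
    """Parse an aggregate and refuse it once its validUntil has passed.

    An expired copy still parses; refusing it is the consumer's half of the
    metadata distribution problem. The publisher bounds how long a copy may be
    trusted, the consumer must honour that bound instead of running on stale keys.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntitiesDescriptor":
        raise MetadataError(f"unexpected root element {root.tag}")
    valid_until = root.get("validUntil")
    if valid_until is None:
        raise MetadataError("aggregate carries no validUntil; refusing open-ended trust")
    expiry = datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if now >= expiry:
        raise MetadataError(f"aggregate expired at {valid_until}")
    return root


def signing_keys(root: ET.Element) -> Dict[str, List[str]]:
    """entityID -> base64 certificates that may verify that entity's signatures.

    A KeyDescriptor without 'use' serves both purposes and is included;
    use="encryption" is excluded, so an encryption-only key is never accepted
    as a signing key.
    """
    trust: Dict[str, List[str]] = {}
    for ed in root.findall("md:EntityDescriptor", NS):
        entity_id = ed.get("entityID")
        if not entity_id:
            raise MetadataError("EntityDescriptor without entityID")
        certs = trust.setdefault(entity_id, [])
        for kd in ed.findall(".//md:KeyDescriptor", NS):
            if kd.get("use", "signing") == "encryption":
                continue
            for c in kd.findall(".//ds:X509Certificate", NS):
                cert = "".join((c.text or "").split())  # drop the formatting whitespace
                if cert:
                    certs.append(cert)
    return trust


def keys_for_issuer(trust: Dict[str, List[str]], issuer: str) -> List[str]:
    """Keys with which an assertion from `issuer` may be verified.

    An issuer absent from the metadata, or listed without any signing key, is
    rejected: its assertions cannot be tied to the federation's trust fabric.
    """
    keys = trust.get(issuer)
    if not keys:
        raise MetadataError(f"no signing key for issuer {issuer!r} in federation metadata")
    return keys


def sso_location(root: ET.Element, entity_id: str, binding: str) -> str:
    """Locate an IdP endpoint from metadata alone (the 'location' feature)."""
    for ed in root.findall("md:EntityDescriptor", NS):
        if ed.get("entityID") != entity_id:
            continue
        for svc in ed.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS):
            if svc.get("Binding") == binding and svc.get("Location"):
                return svc.get("Location")
    raise MetadataError(f"no SingleSignOnService with binding {binding!r} for {entity_id!r}")


if __name__ == "__main__":
    root = load_aggregate(CONSTRUCTED_METADATA)
    trust = signing_keys(root)
    print(keys_for_issuer(trust, "https://idp.example.edu/idp"))
    print(sso_location(root, "https://idp.example.edu/idp",
                       "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"))
```

Everything a relying party needs here, which keys verify which issuer and where to send the user, comes out of the aggregate, which is why the slides treat metadata distribution and trust establishment as one problem; an aggregate without validUntil is refused here for the same reason, since a copy that never expires can never be revoked by the publisher.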

15 Expectations
- Educational AAIs are happening
  - Though suffering their first growing pains
  - Using the same principles and standards
- Convergence to (a small number of) standards
  - In the SAML orbit
  - And others emerging
- AAIs can now provide a consistent set of services
  - Working on enhancing them
- So we hope you take your stand in the caravan

