Goals 

Intended audience

  • GA members or people mandated by them

Date/Time

Introduction

The birth of international identity federations (in the research and education sector)

  • The first identity federations were built by National Research and Education Network (NREN) managers, primarily to enable their users to access and share online resources. In most cases, this approach was used to give university teachers and students access to national library resources. In other cases, it enabled e-learning resources to be shared between collaborating teams in different universities within one country. This revolutionary change happened, quietly, in the first decade of the present millennium. 
  • It was clear to NREN managers from the outset that these national identity federations would grow and become interconnected on a global basis, as national teams sought to share their resources and collaborate with their international peers.
    • National federation operators responded by settling on common standards, or establishing new ones where needed.
    • Existing organisational structures were used, and extended, to host this coordination work, e.g. TERENA (one of the predecessor organisations of GÉANT) and related bodies.

The industry response

  • The de-facto approach to managing a user's access to their organisation's services and applications was directory-based, with the Lightweight Directory Access Protocol (LDAP) as the dominant protocol. This works reasonably well within a single organisation, but not when crossing organisational borders (it requires exposing the directory, or the user's credentials, to the other party), let alone when expanding across national federations.
  • The emerging Security Assertion Markup Language (SAML) specification looked very promising for solving federation and inter-federation problems, because the user's home organisation authenticates the user and merely asserts the result to the service. International teams spanning several NRENs became the biggest early adopters of SAML and the drivers of further development of the standard.
  • Market adoption of the SAML standard grew, primarily because it supported "extranet use cases" in which network managers could link to partner companies on a bilateral basis. SAML became an option in many commercial Identity and Access Management (IAM) products.
  • But the usage scenario of the global research and education sector remained unique: rather than bilateral links between a few known partners, it required multilateral trust between thousands of identity providers and service providers that have no direct relationship with each other, with federation operators publishing the metadata of all participants in one aggregate.
  • NREN communities were therefore left alone with the effort of pushing the development of the inter-federation tooling that their global users and teams required, Shibboleth and SimpleSAMLphp being the most important workhorses. Not that we wanted to, but we had to.

The establishment of International Federation services and their governance

The lack of industry uptake required the NREN communities to take several aspects of common services and governance into their own hands:

  • driving the further development of the underlying protocols: engaging in the relevant industry standards bodies
  • driving the further development of the tooling: setting up consortia, e.g. the Shibboleth Consortium, and fundraising options for Shibboleth as well as SimpleSAMLphp
  • standardisation and profiling work for the data being exchanged (attribute schemas and SAML profiles)
  • setting up metadata exchange clearing houses, which aggregate and sign the metadata of participating federations so that each participant has a single trusted source of who is in the interfederation
  • transparency and quality assurance frameworks

What is changing now and what is the impact?

The eIDAS 2.0 regulatory framework (the European Digital Identity Framework) and its associated services might develop into a game changer in several aspects:

  • eIDs: They are already available in some member states, but will become available in all member states and also become much more accessible, including in cross-border scenarios.
    • This makes onboarding processes in our community much easier.
    • But the overall impact is rather limited, as the eIDs usually cannot be used for authentication outside of e-government services.
  • The eID ecosystem: consisting of wallets, credentials, attestations of attributes and a supporting trust framework that service providers (relying parties) can link into.
    • The promises of the eID ecosystem cover a fair part of what our identity interfederations already deliver to us, or of what we aspire to:
      • fewer dependencies on intermediaries, better data protection, improved self-sovereignty, and, most importantly, cross-sectoral use.
    • The cross-sectoral use may become a real game changer:
      • We are well organised to take governance decisions as a community for the national, regional and global research and education community. Consultation and standardisation structures are in place and working well. We have an established sector governance.
      • Next to demonstrably working sector governance, we also need recognition beyond our own sector to support cross-sectoral use cases. The following elements are helpful:
        • following industry and governmental standards and governance structures
        • trust and assurance proofs, such as accreditations and audit reports
        • anchoring of our governance structure in our highest bodies

Opportunities

  • Cost and efficiency:
  • Extending relevance and reach with a stronger cross-sectoral scope:
  • Leveraging the experience of two decades of "interfederation":

Risks

  • "ontopiness": how to reduce it?

Our options

Call for action