Goals
Intended audience
- GA members or people mandated by them
Date/Time
- check https://events.geant.org/
- one month in advance, 1-2 weeks before TNC would be ideal
Introduction
The birth of
...
inter-National identity federations (in the
...
Research and Education sectors)
- The first identity federations were built by NRENs National Research and Education Network managers, primarily to organise access to shared resources, in most cases to organise access by university affiliates to national library resources, in other cases to shared enable their users to access and share online resources. In most cases, this approach was used to enable university teachers and students to access National library resources. In other cases, it enabled e-learning resources to be shared between collaborating teams in different universities within national boundariesone country. This revolutionary change happened, quietly, in the first decade of our present millennium.
- It was clear (to NREN managers) from the outset that these National identity federations will need to be interconnected soon:would grow and become interconnected on a global basis, as National teams sought to share their resources, and collaborate with their international peers.
- National federation operators responded by settling
- The federation operators were trying to settle on common standards, or to establish such standards establishing new ones where needed.
- Well-established Existing organisational structures were used - , and extended - , to host such coordination work: . e.g. the predecessor organisation of GÉANT : = Terena and friends
The industry response
- The de-facto standards for linking commercial products to IAM services were directory protocols, of which LDAP protocols for managing a user's access to their organisation's services and applications used directory protocols. Lightweight Directory Access Protocol (LDAP) was the most dominant one. This approach works reasonably well in within a single organisation context, but not when crossing organisational borders, let a lone crossing alone expanding across National federations.
- The emerging OASIS standard SAML was not yet adopted yet, but Security Assertion Markup Language (SAML) specification looked very promising for solving the federation and interfederation problem. The international NREN community , and inter-federation, problems. International teams that spanned across National Research and Education Networks (NREN) became the biggest early adopter adopters of SAML and driver for subsequent the drivers of further development of the standard.
- Market adoption of the SAML standard grew, primarily because it supported "extranet use cases" where companies started to link with network managers could link between partner companies on a bilateral basis. SAML became an additional option in many commercial products to link with IAM systemsIdentity and Access Management (IAM) products.
- But the usage scenario of the global research and education sector remained unique. WHY???
- NREN communities were The community was therefore let alone with the effort to push the development of the interfederation tooling Inter-federation tooling, which were required to support its usage scenario, with their global users/teams. Shibboleth and SimpleSAMLphp being the most important work horses. Not that we wanted to, but we had to.
The establishment of
...
International Federation services and their governance
...
The lack of industry uptake required requires the NREN community communities to take several aspects of common services and governance into its their own hands:
- driving the further development of the underlying protocols: engaging in the relevant industry standards bodies
- driving the further development of the tooling: setting up consortia, e.g. the Shibboleth Consortium and fundraising options for Shibboleth as well as SimpleSAMLphp
- standardisation and profiling work for the data being exchanged
- setting up metadata exchange clearing houses
- transparency and quality assurance frameworks
...
- eIDs: They are already available in some member states, but will become so in all member states and also become much more accessible, also in cross-border scenarios
- This makes onboarding processes in our community much easier
- but But the overall impact is rather limited, as the eIDs usually cannot generally be used for authentication outside of e-government services
- The eID ecosystem: consisting of wallets, credentials and , attestations and a supporting trust framework service provider providers can link into
- The promises of the eID ecosystem are covering a fair part of what our identity interfederations deliver to us already , but some promises go beyondor ones we:
- less dependencies on intermediaries, better data protection, improved self-sovereignty, and most importantly: cross-sectorial use
- the The cross-sectorial use may become a real game changer: we
- We are well
- organised to take governance decisions as a community for the
- The promises of the eID ecosystem are covering a fair part of what our identity interfederations deliver to us already , but some promises go beyondor ones we:
...
- national, regional and global research and education community. Consultation and standardisation structures are in place and working well. We have an established sector governance.
- Next to demonstrably working sector governance we need also recognition beyond our own sector to support cross-sectorial use cases. The following elements are helpful:
- Following industry and governmental standards and governance structures
- Trust and assurance proofs, like accreditations and audit reports
- Anchoring of our governance structure in our highest bodies
Opportunities
- Cost and efficiency:
- Extending relevance and reach with stronger cross-sectorial scope:
- Leveraging the experience of two decades "interfederation":
Risks
- "ontopiness": how to reduce it?