
OIDC Federations

Presentation of Roland Hedberg

  • OIDC Federations: dynamic, not static discovery
  • Policies
  • Metadata self-contained, transport and origin independent
    --> chain of trust
    --> metadata statement
    --> Federation "depth" --> basically a tree; OP and RP can belong to several federations or none
  • First federations planning to use proxies for OIDC, like Haka
  • OIDC for web and smartphone, non-web?
  • Work going on at InCommon
  • AARC is moving faster forward than REFEDS
  • let Maarten and Roland know if you have a use case

EduKEEP

Lifelong learning -> one id

federations in central way

Issues:

  • old id is destroyed when leaving organisation
  • multiple ids possible
  • no support for services when you leave an organisation/community
  • multiple concurrent affiliations 

--> user-centric approach

--> split authentication and authorisation
--> persistent digital identity
--> longevity
--> inclusiveness

LoA, Link to other initiatives

Implementations:

  • SWITCH --> EduID
    enriching identity
    personal responsibilities of individuals
    proxy, might be hybrid (SAML/OIDC)
  • SUNET --> EduID
  • GARR --> eGov ID

Use cases:

  • Alumni
  • Researchers
  • Teachers
  • Third party Services

Risks:

  • Central operations
  • Security
  • Critical process
  • Legal implications
  • Financial models
  • Government models

High Level Architecture document

 

Action Items

 
