What is the Point of PEER? Nicole Harris
What is an Identity Federation?
Burton Group: “The agreements, standards, and technologies that make identity and entitlements portable across autonomous domains.”
REFEDS: “a group of institutions and organisations that sign up to an agreed set of policies for exchanging information about users and resources to enable access via authentication. A policy in itself is not enough to make this access happen - federations provide and interact with a distributed set of software and infrastructure to make federated access happen by creating a circle of trust.”
A Typical R&E Federation
• Policy
• Member Validation
• Metadata Aggregation
• Metadata Publication
• Entity Registrar
• Support
We asked…
• Can parts of this job be done by someone other than the Federation Operator?
• What is the lowest bar for validation of metadata?
Functions in question: Member Validation, Entity Registrar
Why?
Key Concern: at the moment, services like the REFEDS wiki or the Shibboleth wiki are having to register and maintain their metadata in over 10 different locations, following different guidelines and processes.
• Work intensive;
• Encourages inconsistencies;
• Leads to stale data.
Also: there is a lack of human-readable interfaces for metadata registration. With some notable exceptions, this is done manually via email change requests.
PEER
• Is NOT a federation;
• Provides a centralised function of a part of federation operations;
• Can be used as a registry tool by individual federations;
• REFEDS to create a service instance for entities involved in the R&E community.
Key Elements
• ‘Validation’ is done purely at a technical level – the registrant must prove they have some ownership of a domain:
  • Currently via a hosted URL;
  • Email to a known organisational email address is on the to-do list.
• Federated access to come, but other auth routes are needed for SPs without an IdP etc.
• Phase 1 near completion. Phase 2 to add functions and look at plugging in to some test federations.
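As an added illustration (not PEER's own code), the hosted-URL ownership check described above, followed by the check a registry would want next: that the SAML metadata being registered only claims an entityID and endpoints under the domain the registrant has proven control of. The well-known path, the token format and the sample metadata are assumptions constructed for this example.

```python
import secrets
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed SAML 2.0 metadata for an SP under example.org (not a real entity).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://wiki.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://wiki.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Assumed well-known path; PEER's actual path and token format are not given on the slides.
VALIDATION_PATH = "/.well-known/peer-validation.txt"


def issue_token():
    """Registry side: mint an unguessable token the registrant must publish."""
    return secrets.token_urlsafe(32)


def hosted_url_check(domain, token, fetch):
    """Registrant proves control of `domain` by serving the token at the hosted URL.
    `fetch(url)` returns the response body or None; it is injected so this runs offline."""
    body = fetch(f"https://{domain}{VALIDATION_PATH}")
    return body is not None and body.strip() == token


def within_domain(host, domain):
    """Exact match or a proper subdomain; 'evil-example.org' must not match 'example.org'."""
    return host == domain or host.endswith("." + domain)


def entity_hosts(metadata_xml):
    """Hostnames the metadata claims: the entityID plus every endpoint Location."""
    root = ET.fromstring(metadata_xml)
    urls = [root.get("entityID", "")]
    urls += [el.get("Location") for el in root.iter() if el.get("Location")]
    # urlparse yields hostname None for URN-style entityIDs; keep it so callers reject them.
    return {urlparse(u).hostname for u in urls}


def may_register(metadata_xml, validated_domains):
    """Accept metadata only if every claimed host sits under a domain the registrant validated."""
    hosts = entity_hosts(metadata_xml)
    if None in hosts:
        return False
    return all(any(within_domain(h, d) for d in validated_domains) for h in hosts)
```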
Questions?
• Will entities still have to join multiple federations?
  • Most probably yes, but they would be able to tell the federation to collect their entity information from elsewhere.
• Who is willing to consume data from such an aggregate?
  • SWAMID and the UK are interested in this approach to lower barriers for SPs in particular.
  • OIX is interested in the software for use elsewhere.
  • Could be a useful tool for developing countries interested in identity federations – i.e. the work that EIFL.net are doing.
• What data do we need? Entity data up to richer description? (MET tool)