
A(nother) view on federation issues


zlivingston




Presentation Transcript


  1. A(nother) view on federation issues

  2. The F... word
     • Has become commonplace
     • And not only in AC space
     • And federations are (or soon will be) in bloom
     • This raises/reformulates additional issues
     • Reconciling base technologies
     • Agreeing on trust mechanisms
     • Aligning on schemas
     • Reaching applications
     • Coordinating metadata

  3. The L... word
     • SAML is the commonly agreed lingua franca for identity data exchange
     • But unconquered kingdoms exist
     • Most of the Grid territory
     • BS infrastructures
     • MS and its strategy
     • WS are still mostly unexplored
     • Rebellions arise
     • Lightweight identity protocols
     • And even civil wars
     • Migration paths from 1.1 to 2.0

  4. Moving towards conformance
     • In the protocol and profile forest, conformance must at least be assessed
     • Reference implementations
     • Testing facilities
     • Practical, hybrid approaches deserve to be explored
     • Identify minimal properties to be preserved
     • Let it happen

  5. The T... word
     • Another common understanding is the use of public key techniques in building trust
     • But it is not clear whether infrastructure should follow the two above
     • Current federation software uses different kinds of metadata structures to exchange public keys
     • But this poses maintenance problems
     • And many existing federations are based on PKI
     • But convergence seems the only path

  6. Merging the two paths
     • Possibilities to merge
     • Extensions can include references to Attribute Authorities
     • X.509 certificate <=> SAML AuthN assertion
     • X.509 AC <=> SAML Attr assertion
     • Pieces are already around
     • And approaches like PMAs and TACAR can play a key role

  7. The D... word
     • Schemas constitute the core of federation data exchange
     • But even the simplest agreement is lengthy and complicated
     • Even inside relatively small, tightly coupled groups
     • And recurrent discussions about the nature of data arise
     • New communities always try to bring their own parlance
     • And privacy constraints must be stated once again

  8. Getting out of the cave
     • Concentrate on data usage
     • The common entitlement value for general license access in ShibEnable
     • Decouple attributes the SCHAC way
     • From specific ontologies
     • From local dialectal forms
     • Do not fear some redundancy
     • As long as a canonical representation exists

  9. The A... word
     • We are still far from reaching even half of the current applications
     • Talking just about the Web-based ones
     • And there is a lot of dark matter out there
     • Simply legacy
     • I-do-it-my-way-and-no-other-possible
     • Commercial providers not willing to risk
     • And a great number of non-Web natural niches
     • To be filled ASAP

  10. Keys for pervasiveness
     • Try to keep as close to applications as possible
     • Speaking their own language
     • Try to go beyond the Web cage
     • Keeping usability
     • Exploring WS is especially relevant
     • Pave the way for migration
     • A mixed solution is far better than no solution
     • Proxy when no other choice exists

  11. The C... word
     • A federation is defined by its metadata
     • Metadata distribution is a key issue
     • And directly related to the trust establishment process
     • Current methods simply do not scale
     • Growth requires additional features
     • Dynamic publication
     • Location
     • Service composition
     • And much potential metadata is still implicit
     • Another case of middleware dark matter

  12. Making interoperation possible
     • Metadata distribution is essential
     • Repositories and location protocols
     • Registries and naming schemas
     • Gatewaying and proxying are going to stay for a long time
     • To reach all the moving targets around
     • And policies are still to be defined
     • Many things to think about
     • As we are still at the very beginning
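Slides 5, 11 and 12 make the point that the metadata a federation distributes is what carries each entity's public keys and therefore defines who is trusted. The following Python is an added example, not part of the presentation: it parses a constructed SAML 2.0 metadata aggregate (placeholder certificate bytes, not real X.509), collects the signing-capable keys per entityID, and compares them with a relying party's pinned fingerprints so that a silently changed key or a dropped entity is noticed rather than trusted blindly. The entity IDs, the `fake_der` helper and the `check_pins` status values are assumptions of this example.

```python
# Added example, not from the slides: list the keys a SAML 2.0 metadata aggregate
# publishes per entity and compare them with a relying party's pinned trust anchors.
import base64
import hashlib
import xml.etree.ElementTree as ET
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
def fake_der(label: str) -> bytes:  # constructed stand-in for DER certificate bytes
    return b"CONSTRUCTED-DER:" + label.encode()
def fingerprint(der: bytes) -> str:  # SHA-256 over the certificate bytes, hex
    return hashlib.sha256(der).hexdigest()
def key_descriptor(der: bytes, use: str = "") -> str:  # builds one md:KeyDescriptor
    attr = f" use='{use}'" if use else ""
    return (f"<md:KeyDescriptor{attr}><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
            f"{base64.b64encode(der).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

# Constructed aggregate: an IdP with separate signing and encryption keys, and an
# SP whose single KeyDescriptor has no 'use' attribute (valid for both purposes).
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" Name="urn:example:federation">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      {key_descriptor(fake_der('idp-sign'), 'signing')}
      {key_descriptor(fake_der('idp-enc'), 'encryption')}
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.edu/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      {key_descriptor(fake_der('sp-key'))}
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def signing_keys(metadata_xml: str) -> dict[str, set[str]]:
    """entityID -> fingerprints usable for signing (no 'use' attribute = both uses)."""
    keys: dict[str, set[str]] = {}
    for ed in ET.fromstring(metadata_xml).iter(f"{{{MD}}}EntityDescriptor"):
        fps = keys.setdefault(ed.get("entityID"), set())
        for kd in ed.iter(f"{{{MD}}}KeyDescriptor"):
            if kd.get("use") in (None, "signing"):  # skip encryption-only keys
                for cert in kd.iter(f"{{{DS}}}X509Certificate"):
                    fps.add(fingerprint(base64.b64decode("".join(cert.text.split()))))
    return keys

def check_pins(metadata_xml: str, pinned: dict[str, str]) -> dict[str, str]:
    """Per pinned entity: 'ok', 'key-changed' (verify rollover out of band) or 'unknown-entity'."""
    published = signing_keys(metadata_xml)
    return {eid: "unknown-entity" if eid not in published
            else "ok" if fp in published[eid] else "key-changed"
            for eid, fp in pinned.items()}
```

The pinned fingerprints stand in for whatever a PKI-based federation would obtain from its trust anchors; the same comparison is what lets the metadata-based and PKI-based paths from slide 6 be reconciled.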
