A(nother) view on federation issues
The F... word
• Has become commonplace
  • And not only in AC space
  • And federations are (or soon will be) in bloom
• This raises/reformulates additional issues
  • Reconciling base technologies
  • Agreeing on trust mechanisms
  • Aligning on schemas
  • Reaching applications
  • Coordinating metadata
The L... word
• SAML is the commonly agreed lingua franca for identity data exchange
• But unconquered kingdoms exist
  • Most of the Grid territory
  • BS infrastructures
  • MS and its strategy
  • WS are still mostly unexplored
• Rebellions arise
  • Lightweight identity protocols
• And even civil wars
  • Migration paths from SAML 1.1 to 2.0
Moving towards conformance
• In the protocol and profile forest, conformance must at least be assessed
  • Reference implementations
  • Testing facilities
• Practical, hybrid approaches deserve to be explored
  • Identify minimal properties to be preserved
  • Let it happen
The T... word
• Another common understanding is the use of public key techniques in building trust
  • But it is not clear whether infrastructure should follow the two above
• Current federation software uses different kinds of metadata structures to exchange public keys
  • But this poses maintenance problems
• And many existing federations are based on PKI
  • But convergence seems the only path
Merging the two paths
• Possibilities to merge
  • Extensions can include references to Attribute Authorities
  • X.509 certificate <=> SAML AuthN assertion
  • X.509 AC <=> SAML Attr assertion
• Pieces are already around
  • And approaches like PMAs and TACAR can play a key role
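The "X.509 AC <=> SAML Attr assertion" correspondence above, as an added Python example that is not part of the original slides: it maps the holder, issuer, validity window and attributes of an X.509 attribute certificate (given here as a constructed, pre-decoded dict, since ASN.1 decoding is out of scope) onto an unsigned SAML 2.0 Assertion, and refuses an AC that is outside its validity period. The sample attribute uses the standard eduPersonEntitlement OID with the common-lib-terms entitlement value; all DNs and function names are assumptions.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
X509_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
ET.register_namespace("saml", SAML)
# Constructed sample: the fields an AC decoder would hand back (holder and
# issuer DNs, validity window, attributes keyed by OID). Not a real certificate.
SAMPLE_AC = {
    "holder": "CN=Jane Researcher,O=Example University,C=XX",
    "issuer": "CN=Example VO Attribute Authority,O=Example VO,C=XX",
    "not_before": datetime(2024, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2024, 1, 2, tzinfo=timezone.utc),
    # eduPersonEntitlement (by OID) carrying the common-lib-terms value
    "attributes": {"urn:oid:1.3.6.1.4.1.5923.1.1.1.7":
                   ["urn:mace:dir:entitlement:common-lib-terms"]},
}
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock

def q(tag):  # Clark-notation qualified SAML tag
    return f"{{{SAML}}}{tag}"
def iso(dt):  # SAML dateTime in UTC
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")
def ac_is_valid_at(ac, now):
    return ac["not_before"] <= now < ac["not_after"]

def ac_to_saml_assertion(ac, now):
    """Return an (unsigned) SAML 2.0 <Assertion> Element built from the AC."""
    # Refuse an expired or not-yet-valid AC: re-issuing it as an assertion
    # would extend the life of attributes the AA no longer vouches for.
    if not ac_is_valid_at(ac, now):
        raise ValueError("attribute certificate outside its validity period")
    a = ET.Element(q("Assertion"), {"Version": "2.0",
                   "ID": "_" + uuid.uuid4().hex, "IssueInstant": iso(now)})
    ET.SubElement(a, q("Issuer"), {"Format": X509_NAMEID}).text = ac["issuer"]
    subj = ET.SubElement(a, q("Subject"))
    ET.SubElement(subj, q("NameID"), {"Format": X509_NAMEID}).text = ac["holder"]
    # AC validity period -> SAML Conditions, so relying parties see the same window
    ET.SubElement(a, q("Conditions"), {"NotBefore": iso(ac["not_before"]),
                                       "NotOnOrAfter": iso(ac["not_after"])})
    stmt = ET.SubElement(a, q("AttributeStatement"))
    for name, values in ac["attributes"].items():
        attr = ET.SubElement(stmt, q("Attribute"), {"Name": name})
        for value in values:  # one <AttributeValue> per AC attribute value
            ET.SubElement(attr, q("AttributeValue")).text = value
    return a  # the issuing gateway must still sign this before release

def ac_to_saml_xml(ac, now):
    return ET.tostring(ac_to_saml_assertion(ac, now), encoding="unicode")
```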
The D... word
• Schemas constitute the core of federation data exchange
• But even the simplest agreement is lengthy and complicated
  • Even inside relatively small, tightly coupled groups
• And recurrent discussions about the nature of data arise
  • New communities always try to bring their own parlance
  • And privacy constraints must be stated once again
Getting out of the cave
• Concentrate on data usage
  • The common entitlement value for general license access in ShibEnable
• Decouple attributes the SCHAC way
  • From specific ontologies
  • From local dialectal forms
• Do not fear some redundancy
  • As long as a canonical representation exists
The A... word
• We are still far from reaching even half of the current applications
  • Talking just about the Web-based ones
• And there is a lot of dark matter around there
  • Simply legacy
  • I-do-it-my-way-and-no-other-possible
  • Commercial providers not willing to risk
• And a great number of non-Web natural niches
  • To be filled asap
Keys for pervasiveness
• Try to keep as close to applications as possible
  • Speaking their own language
• Try to go beyond the Web cage
  • Keeping usability
  • Exploring WS is especially relevant
• Pave the migration way
  • A mixed solution is far better than no solution
  • Proxy when no other choice exists
The C... word
• A federation is defined by its metadata
• Metadata distribution is a key issue
  • And directly related to the trust establishment process
• Current methods simply do not scale
• Growth requires additional features
  • Dynamic publication
  • Location
  • Service composition
• And much potential metadata is still in an implicit state
  • Another case of middleware dark matter
Making interoperation possible
• Metadata distribution is essential
  • Repositories and location protocols
  • Registries and naming schemas
• Gatewaying and proxying are going to stay for a long time
  • To reach all the moving targets around
• And policies are still to be defined
• Many things to think about
  • As we are still at the very beginning