Exploring Federation Model Options - Thu/Fri Oct. 4-5, 2012
TOPIC: Federation Models (Options)
CONVENER: Mark Scheible
SCRIBE: Karen O'Donoghue
# of ATTENDEES: ~23
MAIN ISSUES DISCUSSED:
Examples of models:
- Hub and spoke - WAYF - David Simonsen paper
- Central - UK
- Hierarchical - InCommon sub federations - institutions subordinate
- Full mesh
- Absence of federation or trust (oauth model)
More hub and spoke discussion/clarification:
- What are you trying to achieve in terms of user (trust) experience? What are you intentionally trying to hide?
- Auditing / accounting happening at the hub? Security incidents - are you collecting enough at the hub to address them?
- Is there an option within WAYF for hub-less operation? Yes, using a proxy. No contractual relationship is seen between SP and IdP.
- Do you police what IdPs are providing ... IdP must support the semantic model of the federation
Should an IdP see the services a user is accessing?
Not being able to do cross-correlation between sites is privacy preserving.
What are the issues related to passing information from an IdP to an SP with something in the middle (e.g. HIPAA-protected patient data, such as known allergies)?
Assumptions about organizational identity that are baked into applications.
- impact on services (things developers do that impact the services)
Explanation of Hub and Spoke Model used by WAYF (Denmark) - David Simonsen
Slides from David Simonsen
- P2P (Mesh Model)
- Hub-and-Spoke (Original Denmark WAYF Model)
- Fed-Hub Model (Current Denmark WAYF Model with Proxy endpoints for P2P connections)
- Mesh and Hub Model - Hybrid Model
- Mesh and Hub + Attribute Stores (Attribute Authorities) - Hybrid Model
What are the properties of a good model?
- scalability
- interoperability (of models)
- Institution <--> Services
- IdP <--> SP
- IdP <--> AA
What behaviors are of interest between communities?
What issues should be paid attention to?
What are the roles that federations play:
- Normalizers of behaviors
- Things we should normalize locally and things we shouldn't touch (don't mess with LoA)
- Don't mess with adding new vocabulary to existing attributes.
- Different sets of attributes per sector (some unique attributes)
Use Cases for Different Models:
- Dimensions of the Use Cases: Technical, Organizational Capacity, Policy, Privacy, Regulatory
- Which Models (or aspects of a model) fit each particular Use Case
- Need to develop Use Cases, why they don't work with the current model and what's needed?
Benefits and Threats of each model:
Model | Description/Example | Benefits | Threats/Risks | Comments
---|---|---|---|---
Hub & Spoke (Gateway) | Decentralized authentication, centralized SSO (as an option), centralized federation | Mix different protocols | Potential privacy concerns with 3rd party "in the middle" |
Hierarchical (Could be Hybrid) | University of Texas System (e.g. InCommon/LEARN/UT system) | Layered Federations | |
Central | All credentials are centrally provisioned and managed? | Managed for Institutions | Potential privacy concerns with 3rd party "in the middle" (especially commercial provider) |
Mesh | Every entity (IdP, SP) has a copy of the trusted federation metadata (MD) listing all federation members | No "man in the middle" - better privacy? | Requires higher level of expertise, experience |
Hybrid | Combination of more than one of the above | Provides (some) benefits of both models | "Could" provide a way to eliminate a particular threat by combining models |
Unintended parties - e.g. Passport -
user expectation and culture, regulatory,
"could we" / "should we" tradeoff
passing bilateral agreements / attributes
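An added toy model (not from the session notes, WAYF, or any real federation) of the Mesh, Hub-and-Spoke and Fed-Hub topologies discussed above, showing the two trade-offs the table records: how many trust entries each entity must maintain, and which parties can observe a given login. Entity names and the single direct (sp, idp) pairing are constructed, and the "fedhub" variant is an assumption standing in for the "Fed-Hub model with proxy endpoints for P2P connections" listed earlier.

```python
"""Toy model of the federation topologies tabulated above (constructed for
illustration; entity names are made up, not from any real federation)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Federation:
    model: str                 # "mesh", "hub" (hub-and-spoke) or "fedhub" (hub + P2P proxy endpoints)
    idps: frozenset
    sps: frozenset
    hub: str = "hub"
    direct: frozenset = field(default_factory=frozenset)  # (sp, idp) pairs wired peer-to-peer

    def trust_entries(self, entity):
        """Peers whose metadata and signing keys `entity` must hold and keep current:
        the per-entity operational burden the table's Mesh row alludes to."""
        counterparts = self.idps if entity in self.sps else self.sps
        if self.model == "mesh":
            return set(counterparts)                      # full aggregate, every counterpart
        if self.model == "hub":
            return {self.hub}                             # only the hub's metadata
        if self.model == "fedhub":
            peers = {other for pair in self.direct if entity in pair
                     for other in pair if other != entity}
            return {self.hub} | peers                     # hub plus any direct P2P peers
        raise ValueError(f"unknown model {self.model!r}")

    def observers(self, sp, idp):
        """Parties that learn 'a user from idp logged in to sp' for one login."""
        if self.model == "mesh" or (self.model == "fedhub" and (sp, idp) in self.direct):
            return {sp, idp}                              # no party in the middle
        return {sp, self.hub, idp}                        # the hub sees every transaction

    def idp_sees_sp(self, sp, idp):
        """Can the IdP tell which service its user is accessing? A proxying hub can
        hide the SP from the IdP (the 'what are you intentionally hiding?' question)."""
        return self.hub not in self.observers(sp, idp)


def total_trust_entries(fed):
    """Sum of trust entries across all entities: grows as 2*|IdP|*|SP| for mesh,
    but only as |IdP|+|SP| for hub-and-spoke."""
    return sum(len(fed.trust_entries(e)) for e in fed.idps | fed.sps)


# Constructed sample federation: 3 IdPs, 4 SPs, one P2P pairing in the fed-hub case.
IDPS = frozenset({"idp-a", "idp-b", "idp-c"})
SPS = frozenset({"sp-1", "sp-2", "sp-3", "sp-4"})
MESH = Federation("mesh", IDPS, SPS)
HUB = Federation("hub", IDPS, SPS)
FEDHUB = Federation("fedhub", IDPS, SPS, direct=frozenset({("sp-1", "idp-a")}))
```

Comparing `total_trust_entries(MESH)` with `total_trust_entries(HUB)` makes the scalability point concrete, and `observers(...)` shows which topology puts a third party in the middle of each login.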
ACTIVITIES GOING FORWARD / NEXT STEPS
Possible additional session tomorrow? (Done - Part 2 content added to this session)
- Finish filling in table (most cells completed, updates welcomed)
- Develop some Use Cases (examples added - need more use case descriptions)
- How does this "fit" with moving away from Metadata File distribution (any impact on the above federation models)? - Answer: Probably not
- Apply (Suggest) some models to the Use Cases (If Time) - Future Work (by whom?)
- Consider Pilots? - Or, examine existing models (e.g. WAYF, Univ. Texas System, K-12 in Scotland, etc.) in more detail
Thank you!