Exploring Federation Model Options - Thu/Fri Oct. 4-5, 2012


TOPIC:  Federation Models (Options)

CONVENER:  Mark Scheible

SCRIBE:  Karen O'Donoghue

# of ATTENDEES: ~23

MAIN ISSUES DISCUSSED:

Examples of models:

  • Hub and spoke - WAYF - David Simonsen paper
  • Central - UK
  • Hierarchical - InCommon sub federations - institutions subordinate
  • Full mesh
  • Absence of federation or trust (OAuth model)

More hub and spoke discussion/clarification:

  • What are you trying to achieve in terms of user (trust) experience? What are you intentionally trying to hide? 
  • Auditing / accounting happening at the hub? Security incidents - are you collecting enough at the hub to address them? 
  • Is there an option within WAYF for hub-less operation? Yes, using a proxy. Don't see contractual relationship between SP and IdP.
  • Do you police what IdPs are providing? IdP must support the semantic model of the federation.
  • Should an IdP see the services a user is accessing?

Not being able to do cross-correlation between sites - privacy preserving

What are the issues related to passing information from an IdP to an SP with something in the middle (e.g. HIPAA-protected patient data - known allergies)?

Assumptions about organizational identity that are baked into applications. 

  • impact on services (things developers do that impact the services)

Explanation of Hub and Spoke Model used by WAYF (Denmark) - David Simonsen

Slides from David Simonsen *******

  1. P2P (Mesh Model)
  2. Hub-and-Spoke (Original Denmark WAYF Model)
  3. Fed-Hub Model (Current Denmark WAYF Model with Proxy endpoints for P2P connections)
  4. Mesh and Hub Model - Hybrid Model
  5. Mesh and Hub + Attribute Stores (Attribute Authorities) - Hybrid Model

What are the properties of a good model?

  • scalability
  • interoperability (of models)
  • Institution <--> Services
  • IdP <--> SP
  • IdP <--> AA

What behaviors are of interest between communities? 

What issues should be paid attention to?

What are the roles that federations play?

  • Normalizers of behaviors
    • Things we should normalize locally and things we shouldn't touch (don't mess with LoA)
  • Don't mess with adding new vocabulary to existing attributes. 
  • Different sets of attributes per sector (some unique attributes)

Use Cases for Different Models:

  • Dimensions of the Use Cases: Technical, Organizational Capacity, Policy, Privacy, Regulatory
  • Which Models (or aspects of a model) fit each particular Use Case
  • Need to develop Use Cases, why they don't work with the current model and what's needed?

Benefits and Threats of each model:

Model | Description/Example | Benefits | Threats/Risks | Comments

Hub & Spoke (Gateway)
  Description/Example:
    Decentralized authentication, centralized SSO (as an option), centralized federation
    - WAYF (Denmark Federation)
  Benefits:
    - Mix different protocols
    - Value-added Services
       * ARP Profiles
       * IdP/Federation
    - Allows Institutions with limited skillsets, resources to participate
  Threats/Risks:
    - Potential privacy concerns with 3rd party "in the middle"

Hierarchical (Could be Hybrid)
  Description/Example:
    - University of Texas System (e.g. InCommon/LEARN/UT system)
  Benefits:
    - Layered Federations
    - Multi-model
    - Local autonomy and Flexibility
    - Foundational Policy (top) with layered (local) policy

Central
  Description/Example:
    - All credentials are centrally provisioned and managed?
    Examples: (UK/Scotland, K-12 Denmark, etc.)
  Benefits:
    - Managed for Institutions
    - Multi-scoped IdP?
  Threats/Risks:
    - Potential privacy concerns with 3rd party "in the middle" (especially commercial provider)

Mesh
  Description/Example:
    Every entity (IdP, SP) has copy of the trusted federation metadata (MD) listing all federation members
    - Current InCommon Model
  Benefits:
    - no "man in the middle" - better privacy?
    - advanced features (gateways simplify and strip down)
  Threats/Risks:
    - Requires higher level of expertise, experience
    - Could be a barrier to those with limited resources
    - Doesn't scale well (at least the MD files don't)

Hybrid
  Description/Example:
    - Combination of more than one of the above
      (Addition of "Proxy Endpoints" to WAYF Hub & Spoke to allow P2P)
  Benefits:
    - Provides (some) benefits of both models
  Threats/Risks:
    - "Could" provide a way to eliminate a particular threat by combining models

Unintended parties - e.g. Passport -

user expectation and culture, regulatory,

"could we" / "should we" tradeoff

passing bilateral agreements / attributes

ACTIVITIES GOING FORWARD / NEXT STEPS

Possible additional session tomorrow? (Done - Part 2 content added to this session)

  1. Finish filling in table (most cells completed, updates welcomed)
  2. Develop some Use Cases (examples added - need more use case descriptions)
  3. How does this "fit" with moving away from Metadata File distribution (any impact on the above federation models)? - Answer: Probably not
  4. Apply (Suggest) some models to the Use Cases (If Time) - Future Work (by whom?)
  5. Consider Pilots? - Or, examine existing models (e.g. WAYF, Univ. Texas System, K-12 in Scotland, etc.) in more detail

Thank you!
