...

The RegistrationInfo Element (XML):

<md:Extensions
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
  <mdrpi:RegistrationInfo registrationAuthority="https://incommon.org"/>
</md:Extensions>
Registrar IDs

  • http://aai.arnes.si/

  • http://aai.grnet.gr/

  • http://cafe.rnp.br/

  • http://cofre.reuna.cl/

  • http://colfire.co/

  • http://eduid.at/

  • http://eduid.hu/

  • http://federation.belnet.be/

  • http://feide.no/

  • http://iif.iucc.ac.il/

  • http://laife.lanet.lv/

  • http://rr.aai.switch.ch/

  • http://ukfederation.org.uk/

  • http://www.canarie.ca/

  • http://www.csc.fi/haka

  • http://www.eduid.cz/

  • http://www.heanet.ie/

  • http://www.idem.garr.it/

  • http://www.rediris.es/

  • http://www.srce.hr/

  • http://www.surfconext.nl/

  • http://www.swamid.se/

  • https://aai.pionier.net.pl/

  • https://federation.renater.fr/

  • https://fedi.litnet.lt/

  • https://incommon.org/

  • https://minga.cedia.org.ec/

  • https://www.aai.dfn.de/

  • https://www.gakunin.jp/

  • https://www.wayf.dk/

Federation Scenarios

Throughout this wiki space, a SAML entity (or just entity for short) refers to either a SAML Service Provider or a SAML Identity Provider. A SAML entity exhibits metadata (sometimes called entity metadata), which minimally includes the keys and endpoints of the named entity.

Two SAML entities come to trust each other (in a technical sense) by securely sharing each other’s metadata. This is called federation (lowercase “f”).

Bilateral Federation

Outside of higher education, the most common form of federation is bilateral: two entities exchange metadata by some ad hoc method such as email or a partner's protected web app (typically an HTML upload form).

Transmitting metadata by email is inherently insecure and error prone: nothing binds the document to the sender, and a recipient who trusts whatever arrives is trusting the mail path. Submitting metadata through a partner's web app is potentially more secure than email but deficient in other ways (each partner invents its own procedure, and every change must be re-submitted to every partner by hand). Both techniques have significant security, usability, interoperability, and scaling issues. The bottom line is: avoid bilateral federation whenever possible.

Multilateral Federation

Multilateral federation usually implies a trusted 3rd party that securely registers and reliably publishes entity metadata. Such a trusted 3rd party is called a Federation (uppercase “F”). The primary function of a Federation, then, is metadata registration, and hence the term metadata registrar.

According to the MD-RPI specification, the extension element shown above (and therefore the registrar's ID) may be inserted either at the aggregate level (in the <md:Extensions> of an <md:EntitiesDescriptor>) or at the entity level (in the <md:Extensions> of an <md:EntityDescriptor>). To accommodate per-entity metadata, the <mdrpi:RegistrationInfo> element will be inserted at the entity level. Consequently, the introduction of the MD-RPI schema will necessarily touch every entity descriptor in metadata.
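Because the registrar's ID may appear at either level, a consumer that filters metadata by registration authority (for example, an SP or IdP that only trusts entities registered by particular Federations) must resolve the effective value per entity. The following Python is an added example, not code from the original page or from any Federation's tooling. It assumes the MD-RPI inheritance rule as read from the specification: an entity-level <mdrpi:RegistrationInfo> takes precedence; otherwise the element on the nearest enclosing <md:EntitiesDescriptor> applies; an entity with neither is treated as unregistered. The sample aggregate and entityIDs are constructed for the example.

```python
"""Resolve the effective registrationAuthority of every entity in a SAML
metadata aggregate and filter entities by a set of trusted registrars.

Added example (not from the original wiki page). Uses only the standard
library; the sample metadata below is constructed, not real federation data.
"""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
MDRPI = "urn:oasis:names:tc:SAML:metadata:rpi"
NS = {"md": MD, "mdrpi": MDRPI}
ENTITIES_TAG = f"{{{MD}}}EntitiesDescriptor"
ENTITY_TAG = f"{{{MD}}}EntityDescriptor"

# Constructed sample aggregate. The nested group carries an aggregate-level
# RegistrationInfo; the first entity overrides it at the entity level, the
# second inherits it, and the third (outside the group) has none at all.
SAMPLE_AGGREGATE = f"""
<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:mdrpi="{MDRPI}"
    Name="https://example.org/aggregate">
  <md:EntitiesDescriptor Name="https://example.org/registered">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="https://incommon.org"/>
    </md:Extensions>
    <md:EntityDescriptor entityID="https://idp.example.edu/idp">
      <md:Extensions>
        <mdrpi:RegistrationInfo registrationAuthority="http://ukfederation.org.uk/"
            registrationInstant="2014-06-10T12:00:00Z"/>
      </md:Extensions>
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    </md:EntityDescriptor>
    <md:EntityDescriptor entityID="https://sp.example.com/shibboleth">
      <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    </md:EntityDescriptor>
  </md:EntitiesDescriptor>
  <md:EntityDescriptor entityID="https://sp.nowhere.example/">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def declared_registration_authority(descriptor):
    """registrationAuthority declared directly on this descriptor, or None."""
    info = descriptor.find("md:Extensions/mdrpi:RegistrationInfo", NS)
    return info.get("registrationAuthority") if info is not None else None


def resolve_registrars(xml_text):
    """Map each entityID to its effective registrationAuthority (None if unregistered).

    Inheritance rule assumed from MD-RPI: the entity's own element wins, else the
    nearest enclosing EntitiesDescriptor's element applies. Works for a single
    EntityDescriptor document (per-entity metadata) as well as an aggregate.
    """
    root = ET.fromstring(xml_text)
    registrars = {}

    def walk(node, inherited):
        own = declared_registration_authority(node)
        effective = own if own is not None else inherited
        if node.tag == ENTITY_TAG:
            registrars[node.get("entityID")] = effective
            return
        for child in node:  # recurse only into metadata descriptors
            if child.tag in (ENTITIES_TAG, ENTITY_TAG):
                walk(child, effective)

    walk(root, None)
    return registrars


def filter_by_registrar(xml_text, trusted_registrars):
    """Split entityIDs into (accepted, rejected) by registrar; unregistered are rejected."""
    accepted, rejected = [], []
    for entity_id, authority in resolve_registrars(xml_text).items():
        (accepted if authority in trusted_registrars else rejected).append(entity_id)
    return accepted, rejected


if __name__ == "__main__":
    for entity_id, authority in resolve_registrars(SAMPLE_AGGREGATE).items():
        print(f"{entity_id}: {authority or '(unregistered)'}")
    ok, dropped = filter_by_registrar(SAMPLE_AGGREGATE, {"https://incommon.org"})
    print("accepted:", ok)
    print("rejected:", dropped)
```

The registrationAuthority value is only as trustworthy as the document it came from: verify the aggregate's XML signature against the Federation's published signing key before using the value in a trust decision, and parse metadata from untrusted sources with a hardened parser rather than the plain standard-library one used here for brevity.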

...