Child pages
  • What is Multilateral Federation?
Skip to end of metadata
Go to start of metadata

As a prerequisite to interoperation, Identity Providers and Service Providers share each other's metadata, which minimally includes their keys and service endpoints. This is called often called federation. How that metadata is shared determines whether the federation is considered bilateral or multilateral.

Bilateral Federation

Outside of higher education, the most common form of federation is bilateral, that is, an IdP and an SP share metadata via some ad hoc method such as email or a protected web app (i.e., an HTML form). Combined with a contract, bilateral federation enables trusted interoperation between one IdP and one SP.

Multilateral Federation

Multilateral federation usually implies a trusted 3rd party that securely registers and reliably publishes all entity metadata. When combined with a common set of policies, multilateral federation enables trusted interoperation between all Identity Providers and all Service Providers.

  • No labels