Internet2 is investigating a security incident involving a compromise to a confluence server that affected on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email
Child pages
  • What is Multilateral Federation?
Skip to end of metadata
Go to start of metadata

As a prerequisite to interoperation, Identity Providers and Service Providers share each other's metadata, which minimally includes their keys and service endpoints. This is called often called federation. How that metadata is shared determines whether the federation is considered bilateral or multilateral.

Bilateral Federation

Outside of higher education, the most common form of federation is bilateral, that is, an IdP and an SP share metadata via some ad hoc method such as email or a protected web app (i.e., an HTML form). Combined with a contract, bilateral federation enables trusted interoperation between one IdP and one SP.

Multilateral Federation

Multilateral federation usually implies a trusted 3rd party that securely registers and reliably publishes all entity metadata. When combined with a common set of policies, multilateral federation enables trusted interoperation between all Identity Providers and all Service Providers.

  • No labels