BEER - Bucket of End Entities Registry

Summary

BEER is envisioned as a lightweight, global registrar for SAML Metadata representing both SAML and non-SAML endpoints (eg OpenID, IMI). It is intended as a quick activity to catalyze easier international use of federated identity. The service is not intended to be a replacement for federation or inter-federation, but is intended to be a tool supporting such activities. The service is intended to be operational Jan 2011. It may be operated by an interim operator and move to a permanent home if the service is seen as useful.

Service Description

The service is intended to begin by serving a limited set of use cases, with additional use cases being brought in as policy and technology permit. We intend to be agnostic in accepted metadata, but will do schema validation on a controlled set of technologies, including SAML 2.0 and OpenId and IMI.   The metadata assembled will depend on the use cases but will minimally support key changeover, and possibly organizational and contact information.

The trust associated with the entries in BEER is based on demonstrated ownership of the domain. Consumers of the metadata are expected to understand this.

The service is not intended to address the privacy dimensions of this problem space. Federations that import metadata from BEER are expected to address privacy considerations such as required ARP's themselves.

Registrants come to the service with the expectation that they are publishing their metadata without constraint. Federations that use BEER may well constrain what information they import.

The service will have a standardized metadata tagging service. Tagging should be done by registrars and aggregators, but not by EE or queries (they can use the tags). The semantics of the tags needs to be worked out.

User Stories

Next steps: