In order to make one federation you will need...Friday, 18 February 2011
A selection of Identity Providers (IdPs) - i.e. institutions with a directory of people that want to access stuff. A selection of Service Providers (SPs) - i.e. stuff you want to access. Some Policy. Some Infrastructure. A smattering of metadata. One large pot to boil it in.Friday, 18 February 2011
CAN I BE AN IDENTITY PROVIDER? Do you have some kind of directory of your users? Could you manage installing software such as Shibboleth or SimpleSAMLPhP? IF YES, GO TO NEXT SLIDE IF NO.... Is there someone who could do that work for you? Eduserv in the UK offers ‘managed directories’ (at a cost) Could an organisation manage a central directory for you?Friday, 18 February 2011
WHAT ABOUT SERVICE PROVIDERS? The good news here is that most of the providers with EIFL licenses already offer federated access in countries such as the UK (see: http://www.ukfederation.org.uk/content/Documents/AvailableServices). Negotiations would be required to sign them up for EIFL participant federations. What about institutions as Service Providers? Your repositories, blogs, wikis, webpages etc. Can you manage to install SimpleSAMLPhP or Shibboleth Service Provider software?Friday, 18 February 2011
AND THE POLICY? Each ‘federation’ (see later slides) is typically governed by a policy that deﬁnes how the IdPs and SPs can work together and trust each other. The good news here is that we have lots of examples from federations around the world that could be repurposed. Policy doesn’t have to be complex.Friday, 18 February 2011
FEDERATION INFRASTRUCTURE Currently most federations are managed on a national basis and each federation has its own infrastructure that registers IdPs and SPs and collects, aggregates, distributes and signs metadata - there is a overhead . Other models can be used - e.g. perhaps an EIFL federation. Federations already looking at different models - the REFEDS PEER project is looking at providing a central repository for metadata that could be a good solution here.Friday, 18 February 2011
AND THE METADATA? The information that makes this all work. Tell IdPs and SPs how and where to ﬁnd stuff - where is your login page. Is signed for trust purposes. Tells you about attribute policies - i.e. what information is the Identity Provider willing to give the Service Provider (anonymous, pseudonymous, personal data).Friday, 18 February 2011
However, federations cannot be cooked in a day. The good news?....Friday, 18 February 2011
EXPERT HELP REFEDS group of national federations (www.refeds.org) with capacity to support emerging federations. TERENA training and advice (www.terena.org), talk to Brook Schoﬁeld). Supportive people in the community. Natural links (i.e. JISC Advance with HEA).Friday, 18 February 2011
WHAT CAN WE DO TO HELP?Friday, 18 February 2011
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.