Be the first to like this
Identity federations play a pivotal role in facilitating easier collaboration and sharing of services around the globe. While the protocols, technology, and best practices of federations and their services are reasonably mature, the adoption and installation of needed tools and services to participate with them can be significantly improved.
A digital divide appears to have developed and is growing between those who are participating and those who want to, but feel they cannot. Pinpointing why this divide exists and how to close the gap is a source of debate but some simple statements can be made:
● Reducing the time to deploy services will help relieve pressure on time and resources for all
● Easier deployment of local components benefits both new participants grappling with the technology adoption curve and existing participants by growing the community
● Embedding best practices and core principles of security and service operation help avoid re-inventing the wheel for new participants as well as help maintain overall quality for the whole community.
Attempting to address this divide has been the work of a number of federation operators and NRENs each at different stages of their plans. This presentation will explore and discuss the various approaches that the NREN community has undertaken and contrast them with how SUNET’s SWAMID and CANARIE’s CAF collaboratively created approach compares. A key component of the approach is to streamline software deployments to support eduroam federated 802.1x authentication using FreeRADIUS and SAML2 federation services using Shibboleth software on a single VM instance. While each service on their own may have been done in the past, combining them in a federation aware context, and simplifying the overall experience is relatively new and revealed a great deal of overlap and efficiencies that could be gained doing so.
The presentation will discuss the various collaboration and decision challenges encountered with implementers in two different federations on two different continents and an eye to other federation’s needs. The implementers feel that design decisions have led to an implementation that is able to be extended to other federations which will also be explored and discussed. Time permitting, a demonstration of the solution deployment process will be shown.