Exchanging Metadata on a Global Scale

Presentation on metadata exchange to EIC2012

Published in: Technology
  1. Exchanging Metadata on a Global Scale
  2. Me
       • UK Access Management Focus;
       • Advisor to UK federation;
       • REFEDS Coordinator;
       • PEER Project Manager;
       • Shibboleth Consortium Manager;
       • Generally opinionated about access and identity.
  3. R&E Federations Status (1)
  4. R&E Federations Status (2)
       • 27 Federations plus 2 interfederations.
       • 4753 entities within those federations.
       • 1815 Identity Providers.
       • 2755 Service Providers.
       • Plus several ‘others’ (don’t worry about it).
     (September 2011) (I haven’t counted for a while)
     …but many of those entities are the same!
       • Microsoft registered with 14 federations.
       • Elsevier, 12 federations.
  5. So it’s all working, right?
  6. For SPs, Federation Sucks
     I know because I wrote a paper on it!
  7. Barriers
       • Multiple registry (and publication) of entity data.
       • Multiple legal documents.
       • One-off clauses.
       • Interpretation of data protection.
       • Sponsorship letters.
       • Fees.
       • Technical Barriers.
     https://refeds.terena.org/index.php/Barriers_for_Service_Providers
  8. Registering Entity Data
       • Federations are just big metadata (XML) files.
       • Entity = your chunk of that data.
       • It goes a bit like this:
  9. How does it work? (Diagram: You; Federation A; Federation B; Federation C)
  10. What we need is a place where this can be centrally registered and then called on by federations…
  11. PEER
      http://beta.terena-peer.yaco.es/
  12. PEER (2)
       • Allows for one-time registration of entity data.
       • Federations collect from central pool.
       • Federations transform and adapt entity data according to their requirements.
       • Technical trust only.
       • Ongoing legal requirements at federations?
  13. Full Interfederation
       • The ability of federations to exchange metadata about their entities.
       • Normally an additional legal agreement between the 2 federations.
       • Full technical and policy integration.
  14. eduGain (1)
      www.edugain.org
  15. eduGain (2) – Drawbacks
       • At least one of the federations you are a member of needs to have signed up for eduGain.
       • Opt-in: you have to ask to be included in an aggregate.
       • Not always clear which entities are interfederated – are your customers there?
  16. eduGain (3) – Benefits
       • Only have to have a relationship with 1 federation.
       • Technically, as an SP, you can choose which federation that is.
  17. Value Proposition
       • Metadata Exchange (MDX) means a bigger pool of metadata for all;
       • Broadens reach of existing federations;
       • Increases value of federated login in general;
       • Reduced friction for entities who work internationally;
       • Reduced cost of acquisition for metadata;
       • (balanced against revenue loss if you charge).
  18. So, how do we manage this stuff?
       • My entity descriptor doesn’t look like your entity descriptor.
       • You want me to put this foreign stuff in my nice clean metadata export?
       • Your metadata comes with weird requirements (copyright notice).
  19. Export Options
      We could give you….
       • Our production aggregate (you filter);
       • An export aggregate per partner federation;
       • Common export aggregate.
  20. Import Options
      Adding to our metadata:
       • End entity loads from multiple federations (you sort it out);
       • Republish multiple exported aggregates (which do you consume?);
       • Republish consolidated exported aggregate;
       • Republish within production aggregate;
           – as flat aggregate;
           – as hierarchical aggregate.
  21. Shibboleth Metadata Aggregator
  22. In Summary
       • It’s hard;
       • There are multiple ways - both technical and legal;
       • Standards aren’t enough, we need common practice;
       • It’s confusing to explain to the people who need it;
       • We need to adopt new tools to make this happen.
  23. Thanks for listening
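
The "republish consolidated exported aggregate" import option (slide 20) runs straight into the problems on slides 4 and 18: the same entity registered with several federations, with descriptors that do not match. The sketch below is an added example, not code from the presentation, PEER, eduGain or the Shibboleth Metadata Aggregator. The sample aggregates, federation names and the `canonical` and `consolidate` helpers are constructed for illustration, and it assumes each aggregate's signature was already verified before this step.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
ET.register_namespace("md", MD)

# Constructed, heavily trimmed sample aggregates (not real federation data).
FED_A = f"""<md:EntitiesDescriptor xmlns:md="{MD}" Name="urn:example:fed-a">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.a.example.edu/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""
FED_B = f"""<md:EntitiesDescriptor xmlns:md="{MD}" Name="urn:example:fed-b">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.b.example.edu/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def canonical(elem):
    """C14N form of one EntityDescriptor, so formatting differences don't count."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode").strip(), strip_text=True)

def consolidate(sources):
    """sources: ordered {federation: aggregate XML}. The first registration of an
    entityID is republished; later ones are recorded, never silently merged."""
    merged = ET.Element(f"{{{MD}}}EntitiesDescriptor", Name="urn:example:consolidated")
    seen = defaultdict(list)  # entityID -> [(federation, canonical descriptor)]
    for fed, xml_text in sources.items():
        for elem in ET.fromstring(xml_text).iter(f"{{{MD}}}EntityDescriptor"):
            entity_id = elem.get("entityID")
            if entity_id not in seen:
                merged.append(elem)
            seen[entity_id].append((fed, canonical(elem)))
    duplicates = {e: [f for f, _ in r] for e, r in seen.items() if len(r) > 1}
    conflicts = sorted(e for e, r in seen.items() if len({c for _, c in r}) > 1)
    return merged, duplicates, conflicts

if __name__ == "__main__":
    merged, duplicates, conflicts = consolidate({"fed-a": FED_A, "fed-b": FED_B})
    print(len(merged), "entities republished")
    print("registered in several federations:", duplicates)
    print("descriptors that differ between federations:", conflicts)
```

The conflict list is the part an operator needs to review: a descriptor that differs between federations changes what relying parties will trust for that entityID, depending on which copy is republished.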
