exchanging metadata on a global scale
DESCRIPTION
Presentation on metadata exchange to EIC2012
TRANSCRIPT
1
Exchanging Metadata on a Global Scale
2
Me
• UK Access Management Focus;
• Advisor to UK federation;
• REFEDS Coordinator;
• PEER Project Manager;
• Shibboleth Consortium Manager;
• Generally opinionated about access and identity.
3
R&E Federations Status (1)
4
R&E Federations Status (2)
• 27 Federations plus 2 interfederations.
• 4753 entities within those federations.
• 1815 Identity Providers.
• 2755 Service Providers.
• Plus several ‘others’ (don’t worry about it).
(September 2011) (I haven’t counted for a while)
…but many of those entities are the same!
• Microsoft registered with 14 federations.
• Elsevier, 12 federations.
5
So it’s all working, right?
6
For SPs, Federation Sucks
I know because I wrote a paper on it!
7
Barriers
• Multiple registry (and publication) of entity data.
• Multiple legal documents.
• One-off clauses.
• Interpretation of data protection.
• Sponsorship letters.
• Fees.
• Technical Barriers.
https://refeds.terena.org/index.php/Barriers_for_Service_Providers
8
Registering Entity Data
• Federations are just big metadata (xml) files.
• Entity = your chunk of that data.
• It goes a bit like this:
9
How does it work?
Federation A
Federation B
Federation C
You
10
What we need is a place where this can be centrally registered and then called on by federations…
11
PEER
http://beta.terena-peer.yaco.es/
12
PEER (2)
• Allows for one time registration of entity data.
• Federations collect from central pool.
• Federations transform and adapt entity data according to their requirements.
• Technical trust only.
• Ongoing legal requirements at federations?
13
Full Interfederation
• The ability of federations to exchange metadata about their entities.
• Normally an additional legal agreement between the 2 federations.
• Full technical and policy integration.
14
eduGain (1)
www.edugain.org
15
eduGain (2) – Drawbacks
• At least one of the federations you are a member of needs to have signed up for eduGain.
• Opt-in: you have to ask to be included in an aggregate.
• Not always clear which entities are interfederated – are your customers there?
16
eduGain (3) Benefits
• Only have to have a relationship with 1 federation.
• Technically, as an SP, you can choose which federation that is.
17
Value Proposition
• Metadata Exchange (MDX) means a bigger pool of metadata for all;
• Broadens reach of existing federations;
• Increases value of federated login in general;
• Reduced friction for entities who work internationally;
• Reduced cost of acquisition for metadata;
• (balanced against revenue loss if you charge).
18
• My entity descriptor doesn’t look like your entity descriptor.
• You want me to put this foreign stuff in my nice clean metadata export?
• Your metadata comes with weird requirements (copyright notice).
So, how do we manage this stuff?
19
Export Options
We could give you….
• Our production aggregate (you filter);
• An export aggregate per partner federation;
• Common export aggregate.
20
Import Options
Adding to our metadata:
• End entity loads from multiple federations (you sort it out);
• Republish multiple exported aggregates (which do you consume?);
• Republish consolidated exported aggregate;
• Republish within production aggregate;
  – as flat aggregate;
  – as hierarchical aggregate.
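The "republish consolidated exported aggregate" option, sketched as an added example (not code from the presentation, PEER or eduGain): it merges several federations' export aggregates into one flat aggregate, records which federations registered each entityID, and flags entities whose descriptors disagree between federations. The federation names, entityIDs and trimmed sample metadata are constructed, and signature verification of each aggregate is assumed to have happened beforehand.

```python
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ENTITY = f"{{{MD}}}EntityDescriptor"
ET.register_namespace("md", MD)

def sample(entities):
    """Constructed, trimmed (not schema-valid) aggregate from (entityID, role XML) pairs."""
    body = "".join(f'<md:EntityDescriptor entityID="{e}">{r}</md:EntityDescriptor>'
                   for e, r in entities)
    return f'<md:EntitiesDescriptor xmlns:md="{MD}">{body}</md:EntitiesDescriptor>'

IDP, SP = "<md:IDPSSODescriptor/>", "<md:SPSSODescriptor/>"
SP_ALT = '<md:SPSSODescriptor WantAssertionsSigned="true"/>'  # differs from SP
PUBLISHER = "https://sp.publisher.example/sp"                 # hypothetical entityID
AGGREGATES = {  # hypothetical federations; sample data constructed for this example
    "fed-a": sample([("https://idp.uni-a.example/idp", IDP), (PUBLISHER, SP)]),
    "fed-b": sample([("https://idp.uni-b.example/idp", IDP), (PUBLISHER, SP)]),
    "fed-c": sample([(PUBLISHER, SP_ALT)]),
}

def fingerprint(ent):
    """Hash of the canonical form, so formatting differences do not count as changes."""
    c14n = ET.canonicalize(ET.tostring(ent, encoding="unicode"), strip_text=True)
    return hashlib.sha256(c14n.encode()).hexdigest()

def consolidate(aggregates):
    """Merge {federation: xml} into one flat aggregate; first registration wins.

    Assumes each aggregate's signature was verified before parsing (not shown).
    """
    merged = ET.Element(f"{{{MD}}}EntitiesDescriptor")
    registrars, seen, conflicts = {}, {}, {}
    for fed, xml_text in aggregates.items():
        # iter() also walks nested EntitiesDescriptor, flattening hierarchical input
        for ent in ET.fromstring(xml_text).iter(ENTITY):
            eid, fp = ent.get("entityID"), fingerprint(ent)
            registrars.setdefault(eid, []).append(fed)
            if eid not in seen:
                seen[eid] = fp
                merged.append(ent)
            elif seen[eid] != fp:  # same entityID, different descriptor: needs review
                conflicts.setdefault(eid, []).append(fed)
    return merged, registrars, conflicts

def role_counts(merged):
    """Count (IdPs, SPs) in the merged aggregate."""
    has = lambda e, role: e.find(f"{{{MD}}}{role}") is not None
    return (sum(has(e, "IDPSSODescriptor") for e in merged),
            sum(has(e, "SPSSODescriptor") for e in merged))
```

An entityID that appears in `conflicts` is the case to hold back from republication until someone decides which federation's registration is authoritative.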
21
Shibboleth Metadata Aggregator
22
In Summary
• It’s hard;
• There are multiple ways - both technical and legal;
• Standards aren’t enough, we need common practice;
• It’s confusing to explain to the people who need it;
• We need to adopt new tools to make this happen.
23
Thanks for listening