Interfederation Working

Nicole Harris UK Access Management Focus, JISC Advance

@nicoleharrisSlides: http://www.slideshare.net/nicolevharris

Bookmarks: http://goo.gl/ubxCR

Me

• UK Access Management Focus;• Advisor to UK federation;• REFEDS Coordinator;• PEER Project Manager;• Shibboleth Consortium Manager;• Generally opinionated about access and identity.

What does the R&E Federation space look like?

R&E Federations Status (1)

R&E Federations Status (2)

• 27 Federations plus 2 confederations.• 4753 entities within those federations.• 1815 Identity Providers. • 2755 Service Providers. • Plus several ‘others’ (don’t worry about it).

Top resources?

• In 14 federations: – Czech Medical Atlas and Microsoft Dreamspark.

• In 12: – Web of Knowledge, Scopus, ScienceDirect.

• In 11: – IEEE, EBSCO.

• In 10: – Springer, OVID.

So it’s all working, right?

For SPs, Federation SucksI know because I wrote a paper on it!

Barriers

• Multiple registry of entity data. • Multiple legal documents. • One-off clauses.• Interpretation of data protection. • Sponsorship letters.• Fees.• Technical Barriers.

https://refeds.terena.org/index.php/Barriers_for_Service_Providers

Registering Entity Data

• Federations are just big metadata (xml) files.• Entity = your chunk of that data. • It goes a bit like this:

How does it work?

Federation A

Federation B

Federation C

You

What we need is a place where this can be centrally registered and then called on by federations…

PEER

http://beta.terena-peer.yaco.es/

Legal Contracts

Wouldn’t it be great if these were standardised and simplified?

REFEDs Policy Review

• Painstakingly taking apart every clause in every federation policy.

• Mapping these to generic content ‘blocks’ and ‘elements’ within each block.

• Making recommendations about structure and unnecessary language.

• NOT a legal review.

Isn’t there an easier way?

Full Interfederation

• The ability of federations to exchange metadata about their entities.

• Normally an additional legal agreement between the 2 federations.

• Full technical and policy integration. • UK piloting with eduGate – contact me if you

would like to be involved!

eduGain (1)

www.edugain.org

eduGain (2) – Drawbacks

• At least one of the federations you are a member of needs to have signed up for eduGain.

• Opt-in: you have to ask to be included in an aggregate.

• Not always clear which entities are interfederated – are your customers there?

eduGain (3) Benefits

• Only have to have a relationship with 1 federation.

• Technically, as an SP, you can chose with federation that is.

A quick note on Barriers to Users

Login Interfaces Suck I know this because I’ve tried to use them

How Bad?

New UK federation WAYF

You can use the data too!

MDUI Information (1)

MDUI Information (2)

MDUI, What do we need?

• A link to a logo on an https protected page, with a width between 64px and 350px and height between 64px and 170px.

• A Display Name.• A 100 character description of your service.• Send to: service@ukfederation.org.uk.

We can already make the horrible things Andy is going to talk about go away!

Shibboleth Embedded Discovery: https://wiki.shibboleth.net/confluence/display/EDS10/Embedded+Discovery+ServiceDiscoJuice: http://discojuice.org/

Thank you for listening