Representatives from the UK Access Management Federation and JISC Outreach team attended the first ever International federation peering workshop in Prague last month to discuss the main drivers and possible use cases for inter-federation operability. Many countries were represented at the meeting, mostly from Europe but also from Australia, the United States, Japan and Brazil. There was very lively discussion at the workshop about various issues including federation models, levels of assurance, the use of attributes and privacy.

Different federation models and their definitions were discussed including confederation (agreement among several federations), peering (agreement between two federations) and leverage (membership of smaller federation and also an overarching federation). In particular we talked about how these models might work across different sectors eg. public sector and government, business and social and across international borders.

Levels of assurance and attributes are important issues to consider for inter-federation operability and some policy work on this is being carried out by JISC on a study looking at commonalities between national access management federation policies. It is important all members of federations have trust in the federation they are have a peering or confederation agreement with, particularly with regards to issues relating to the exchange of information about users and resources eg. levels of assurance for the protection of user’s privacy. Agreement on the levels of assurance and agreeing to a standard set of attributes will be important to the operability between federations.

Participants were asked to identify possible use cases for inter-federation peering or confederation, particularly where this would aid collaborative work and sharing of resources available at other institutions.

OpenID also seemed to be a hot topic, and there is currently some work being done on interoperability between SAML-based federations and OpenID.

We all know the trick to getting the best fastest piece of IT kit for your buck. -Locating the speed bottle neck. Its no use buying a hyper fast graphics card, if the speed of onboard memory is too slow, or having a fast shooting Digital SLR Camera if the compact flash card has a slow write speed. Well its the same with access management. So much of what we do in improving access to content depends on every link in the chain. One element which we tend to look at least (maybe because it doesn’t have a technical standard linked to it?) is licensing.

24/7, remote, finely grained access to content only happens when the license permits it too.

Lets not forget we need 21st century licenses for 21st century technology.

Tags: jisc-serv-am-briefing