Waving the Standard

I’ve come to realise that we are very keen on Services in the education sector, particularly within the UK. By this I mean capital S Services, big monolithic ‘things’ with the sense of tangibility: websites, service levels, staff, physical homes, known server locations – that sort of thing.

I think this is why there is so much focus in the work I currently do on the UK federation itself, rather than the thing that we are actually trying to implement – the SAML standard. OK, I know, standards are dull and boring things for techies and Services are things that real people use. I just wonder how this focus will bear out in the long-term vision of where we are going with access and identity management in a world of web2 and cloud computing?

I’ve always seen the federation structure as a practical delivery model that will change over time. As seen in the slide below and in presentations I have recently given on assurance – federations are as means to an end. They are a convenient, pragmatic, usable way of embedding the SAML standard within the UK education community.

It is important that we don’t get too obsessed with the construct of the federation and remember that it is the standard that is the important thing. I think it is very likely that the structure and central role of the federation will significantly change over the years as metadata aggregation takes on a more distributed model as I have previously discussed. Federated access management has the potential to offer a lot as a distributed service model within the cloud – which is why I disagree somewhat with some of the developments of federations in Europe that are placing a lot of functionality within the federation itself.

Focusing on the standard rather than technologies and applications helps remind us of what has been achieved in the federated access management space – a significant number of countries all converging on SAML. This means that whatever service structures we put in place to help support adoption of the standard in our countries, we should always have the potential to talk to each other. This is a huge achievement, and one that I think goes a little unrecognised in the nitpicking about service delivery. It also means that we have the flexibility to move forward and adapt – SAML allows you to work with new technologies such as OpenID and InfoCard implementations, but also with new platforms such as Google Wave. Standards are the key to moving forward, and that is why we have moved or community towards its adoption, whatever the technological implementation.

This is why I was pleased to see the official announcement of the Kantara Initiative yesterday. Kantara aims to be a global talking shop for all things access and identity management – but based around open source, open standards and open participation. The announcement states that:

“A commitment to open standards means the Kantara Initiative Community will collaborate on projects that make use of all of the identity frameworks, protocols and specifications in the marketplace today. This means solutions could be built based on one or a combination of several IAF, ID-WSF, IGF, Information Card, OAuth, OpenID, SAML 2.0, WS-*, XACML and XDI standards.”

I think that is exactly the right attitude to have, and would encourage you to go and look at the Kantara website. You can also follow ‘Kantarainitiative’ on Flickr, SlideShare and YouTube, and KantaraNews on Twitter.