(Inter)Federation as Identity Management Policy Driver?
RL "Bob" Morgan
University of Washington

US E-Authentication Initiative
- Infra for authentication for web-based apps for most (24) USG agencies, e-auth is how users (both intra- and extra-gov) will authenticate
- e-auth-using apps supposed to be running now
- a few in use now, e.g. Fidelity users and SSA
- CAF defines IdM requirements for IdPs
- 4 levels of assurance, higher 2 require user certs
- 3 schools (UW, PSU, Cornell) evaluated for L2
- came to halt due to EAI participation agreement

InCommon and Interfed
- InCommon Federation for US Higher Ed
- 20 campus IdPs, 10 or so SPs, growing
- IdPs only have to publish practices, SPs evaluate
- Interfederation
- GSA won't assess a zillion campuses
- so InC and EAI interfederate
- don't know how it will work yet
- could go both directions

Policy Issues
- are USG apps motivation to modify campus IdM?
- ID proofing, passwords, division of pop into LoAs
- role of InCommon in audits, assurance?
- just use USG-defined LoAs?
- or make some more for our purposes?

Low-Assurance IdP in InCommon?
- Apps would like to federate, but not all users are from participating IdPs
- so, add "consumer-style" IdP with email signup
- could let campuses avoid running one
- what would apps require from it?
- does it "dilute" federation quality?