This document outlines the challenges and solutions encountered in implementing cross-federation practices within SAML federations. Key issues include support limitations for SAML2, the prevalence of SAML1.x Identity Providers (IdPs), and the complexities of authorization and adding new IdPs. Discussions focus on metadata encryption, authorization controls, and potential agreements for federation collaboration. It aims to enhance interoperability and trust among federations, highlighting the importance of addressing technical and administrative hurdles.
REFEDs Wiki: A test-bed for cross-federation practices?
www.terena.org
Habemus ‘federated’ wiki
• We thought we were set… but quite a few issues arose:
  • Support for SAML2 only
    • It turns out that there are more SAML1.x IdPs than we thought.
  • AuthZ, the famous entitlement;
  • Adding new IdPs, there is something to say about this;
  • Metadata encryption, hopefully solved.
Authorisation now
• Already in place in the REFEDs wiki operated by RedIRIS:
Authorisation in the future
• ACLs?
• Using rev. on both sides?
Adding new IdPs
• Several options:
  • In some cases we simply add the metadata of a specific IdP;
  • Some federations require the federation IdP to be connected:
    • TERENA should sign an agreement with that federation;
  • Some federations proposed that TERENA join that specific federation.