Security/identity · 2007-07-20

SAML news and interfederation

Via Tom Scavo comes the news (PDF) that the U.S. E-Authentication program has finished revising its architecture to use SAML’s latest version, 2.0, “to better meet the authentication needs of agencies.” I noticed that this issue of the GSA Federation News newsletter also has an article on interfederation, the higher-order joining together of existing federations, and GSA’s efforts to figure this out with the Internet2 InCommon folks. This is a really important tool for achieving the ever-wider linking of accounts that I’ve been blathering about lately. (Ooh, and it’s another term I can add to my growing F-word lexicon.)

InCommon has the clearest, cleanest invitation to join a federation that I’ve ever seen — it may provide a model for how to tackle the business aspects of huge-scale account linking with accountability. That said, Georgia Marsh and her E-Authentication colleagues highlighted interfederation as an issue that’s very much alive when they spoke at the recent Concordia workshop (check out her slides for some detailed numbers on their program’s adoption levels to date). And she stressed to me yesterday that nontechnical issues such as interfederation, and the mismatches between partners’ business frameworks, trump any technical issues they find when it comes to interoperability. The cool thing is that this is now a matter of active, practical discussion.

By the way, I’ve been circling back with the use case presenters at this workshop, and I’m planning to host a Concordia telecon in the next small handful of weeks to discuss what we learned and select two or three “hot” areas to focus on going forward. If you’re not on the mailing list and want to take part, now’s an excellent time to join.

All that fruit hanging about ten feet up on the federated identity tree is starting to look more and more reachable…