Internet2

Middleware




Federations and Shibboleth

What is federated administration?

Federated administration is a new, promising approach to electronic interactions between enterprises, particularly among those in a common market sector. It assumes that local middleware infrastructure is deployed in a consistent fashion among those enterprises, so that their individual users can collaborate with each other, communicate, transact, and access controlled resources across networks. To work, a federation of enterprises typically needs to agree on two sets of topics: technical specifications (e.g., the software to interoperate with, the data profiles to exchange) and policy specifications (e.g., practices for producing trustworthy data, handling of privacy, etc.). Federations are likely structures within higher education, among financial service partners, in medical collaboratives such as hospitals and clinics, and among government agencies and commercial service providers, etc.

What is the connection between Shibboleth and federations?

Shibboleth presumes a federation to operate in. It is one of a few emergent “federating tools”, such as the Liberty Alliance, Microsoft’s .NET, RedIRIS’s PAPI, etc. All these systems are intended to work within a federation, though each emphasizes different aspects of what a federation could be.

What are the types of federations?

There appear to be at least three types of federation emerging. Internal federations are occurring among the many subsidiaries of large companies, especially those companies with more dynamic acquisition profiles. Private federations occur among independent enterprises, typically within a market sector, that want to facilitate a specific set of transactions and interactions. For example, several large banks have formed a federation to allow their customers to access a combined catalogue of research materials and services. Public federations address more free-standing, long-term, general-purpose requirements, and need to be more open about rules of engagement. Public federations face significant scaling issues and may not be able to leverage the contractual relationships that private federations can.

What are the distinctive needs for federations in the research and education community?

Federations that serve the R&E community are likely to be public. They will likely include strong privacy protections, and strong authentication where needed. They need to function in international contexts, as multinational research communities are now the norm.

What are the specific activities that federations do?

To operate successfully, federations must provide two sets of services:

  • metadata management – federations must aggregate, distribute and maintain their members' signature validation keys, enterprise names, contacts, and attribute syntax and semantics.
  • trust management – security policies, privacy policies, and operational management controls.

These functions can be centrally controlled or distributed; similarly they can be centrally or audited

What is the real world status of federations?

There are several software systems that are precipitating the formation of federations: Shibboleth, Liberty and Federated Passport. All are in ongoing development phases and are just beginning deployments. There have been a handful of early internal and small private federations, some using homebrew code and some Liberty-based. There have been no public federations, but the activities within higher education may constitute a start.

What should I do if I want to use Shibboleth in higher education? What is InCommon?

See the accompanying document, Shibboleth-Based Federations in Higher Education.


© 1996 - 2010 Internet2 - All rights reserved