CONNECT44 contained an article summarizing 20 years of Federated Identity Management in the GÉANT community. This article was originally prepared for and posted in the week of the EOSC Symposium in Madrid, in September 2023. It was written for an audience at the EOSC Symposium with the aim of clarifying to the EOSC community what GÉANT and NREN representatives actually mean when they say: we have 20 years of experience with federated services.
But, of course, the story was not complete. Federated Identity Management (FIM), like everything else in this life, is not an island and in this case cannot be separated from the global REFEDS community without people asking: why did you not mention REFEDS? And with that in mind, I am very pleased to add the highlights of the developments in the REFEDS environment to the 20 years of FIM article. And even more pleased that in this endeavour, I am joined as co-author by Heather Flanagan (Spherical Cow Consulting), coordinator of REFEDS along with Nicole Harris (GÉANT).
REFEDS started in 2005 with the mission to provide an open collaboration hub for stakeholders in the Research and Education identity federation ecosystem to learn, educate, and build standards and best common practices for federations internationally.
Since its inception, REFEDS has provided guidance for new and existing federations. The community has produced everything from descriptions of the value proposition that federation operators could take to their leadership, to common specifications for attribute release via entity categories, all to grow federations in the best ways possible.
Consistency for eduGAIN
eduGAIN, that federation of federations, is one powerful example of REFEDS standards and best practices in production. REFEDS defines the standards; eduGAIN implements them. For example, the REFEDS Baseline Expectations specification “defines a common set of expectations of all participant organisations to establish a baseline of trust in identity federations.” The eduGAIN community has agreed to adopt those expectations and to request that all member federations follow suit in 2024.
Simplifying the Complexity
“Federated Identity Management is only as scalable as it offers simplicity from the complexity.”
Federations formed out of a need to provide authoritative information in an efficient and secure manner. Rather than establishing individual agreements with every research group, library subscription, and academic service, the goal has always been to support standardized trust models. Often, the data being requested about an individual follows common patterns. Perhaps the organization that has the identity data wants some assurance that the organization requesting the data is one that supports research and scholarship. Or, as is often the case, the goal is to have no personally identifying information shared at all while still indicating whether an individual is entitled to the access they are requesting.
This is where the concept of entity categories comes in. Entity categories group federation entities that share common criteria. Rather than requiring that every identity provider (IdP) and service provider (SP) establish individual rules for what information is shared during a federated identity authentication and authorization request, using an entity category to organize and simplify the requests is of enormous value to all parties. Defining entity categories is one of the activities REFEDS undertakes.
Enabling Trust in AAI
From providing best practice guidance for federation operators to describing the right way to support federated authorization, the REFEDS community defines what trust looks like in FIM. Every year, the community builds a new REFEDS Workplan to help federation operators solve their challenges. From assessing what changes in browser behavior will do to the FIM model to helping define new attributes beyond “researcher” and “member,” the community donates its time to evolving a robust, trusted ecosystem.
Building on a Strategy
In 2022, REFEDS developed a strategic plan to help guide its future work. It’s worth a look if you’re interested in understanding REFEDS’ mission and goals for the future: https://refeds.org/strategic-plan
To find out more about REFEDS and its work, visit the REFEDS site.