Exchanging Metadata on a Global Scale
Me
• UK Access Management Focus;
• Advisor to UK federation;
• REFEDS Coordinator;
• PEER Project Manager;
• Shibboleth Consortium Manager;
• Generally opinionated about access and identity.
R&E Federations Status (1)
R&E Federations Status (2)
• 27 Federations plus 2 interfederations.
• 4753 entities within those federations.
• 1815 Identity Providers.
• 2755 Service Providers.
• Plus several ‘others’ (don’t worry about it).
(September 2011) (I haven’t counted for a while)
…but many of those entities are the same!
• Microsoft registered with 14 federations.
• Elsevier, 12 federations.
So it’s all working, right?
For SPs, Federation Sucks
I know because I wrote a paper on it!
Barriers
• Multiple registry (and publication) of entity data.
• Multiple legal documents.
• One-off clauses.
• Interpretation of data protection.
• Sponsorship letters.
• Fees.
• Technical Barriers.
https://refeds.terena.org/index.php/Barriers_for_Service_Providers
Registering Entity Data
• Federations are just big metadata (XML) files.
• Entity = your chunk of that data.
• It goes a bit like this:
How does it work?
[Diagram: You, Federation A, Federation B, Federation C]
What we need is a place where this can be centrally registered and then called on by federations…
PEER
http://beta.terena-peer.yaco.es/
PEER (2)
• Allows for one time registration of entity data.
• Federations collect from central pool.
• Federations transform and adapt entity data according to their requirements.
• Technical trust only.
• Ongoing legal requirements at federations?
Full Interfederation
• The ability of federations to exchange metadata about their entities.
• Normally an additional legal agreement between the 2 federations.
• Full technical and policy integration.
eduGain (1)
www.edugain.org
eduGain (2) – Drawbacks
• At least one of the federations you are a member of needs to have signed up for eduGain.
• Opt-in: you have to ask to be included in an aggregate.
• Not always clear which entities are interfederated – are your customers there?
eduGain (3) Benefits
• Only have to have a relationship with 1 federation.
• Technically, as an SP, you can choose which federation that is.
Value Proposition
• Metadata Exchange (MDX) means a bigger pool of metadata for all;
• Broadens reach of existing federations;
• Increases value of federated login in general;
• Reduced friction for entities who work internationally;
• Reduced cost of acquisition for metadata;
• (balanced against revenue loss if you charge).
• My entity descriptor doesn’t look like your entity descriptor.
• You want me to put this foreign stuff in my nice clean metadata export?
• Your metadata comes with weird requirements (copyright notice).
So, how do we manage this stuff?
Export Options
We could give you…
• Our production aggregate (you filter);
• An export aggregate per partner federation;
• Common export aggregate.
Import Options
Adding to our metadata:
• End entity loads from multiple federations (you sort it out);
• Republish multiple exported aggregates (which do you consume?);
• Republish consolidated exported aggregate;
• Republish within production aggregate;
  – as flat aggregate;
  – as hierarchical aggregate.
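
The import options above leave someone to reconcile entities that appear in more than one federation's aggregate. As an added example (not part of the original slides), this Python code consolidates several SAML metadata aggregates into one flat aggregate, flattening hierarchical ones and flagging any entityID whose descriptor differs between sources. The federation names, entityIDs and sample XML are constructed, and it assumes each aggregate's signature was verified before parsing.

```python
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

def entities(xml_text):
    """Iterate over every EntityDescriptor, descending into nested EntitiesDescriptor groups."""
    return ET.fromstring(xml_text).iter(f"{{{MD}}}EntityDescriptor")

def fingerprint(entity):
    """SHA-256 of the C14N 2.0 form, so prefix, attribute-order and whitespace
    differences between publishers do not count as a change."""
    xml = ET.tostring(entity, encoding="unicode")  # ET re-serialises with its own prefixes
    return hashlib.sha256(ET.canonicalize(xml, strip_text=True).encode()).hexdigest()

def consolidate(sources):
    """sources: ordered (federation, xml_text) pairs; the first copy of an entityID wins.
    Returns (flat aggregate element, {entityID: [federations whose copy differed]})."""
    out = ET.Element(f"{{{MD}}}EntitiesDescriptor")
    seen, conflicts = {}, {}
    for fed, xml_text in sources:
        for ent in entities(xml_text):
            eid = ent.get("entityID")
            if not eid:
                continue  # entityID is mandatory; drop malformed entries
            fp = fingerprint(ent)
            if eid not in seen:
                seen[eid] = fp
                out.append(ent)
            elif seen[eid] != fp:
                conflicts.setdefault(eid, []).append(fed)  # same ID, different content
    return out, conflicts

# Constructed sample aggregates (hypothetical federations fed-a and fed-b).
FED_A = f"""<md:EntitiesDescriptor xmlns:md="{MD}" Name="fed-a.example">
  <md:EntitiesDescriptor Name="sps">
    <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
      <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    </md:EntityDescriptor>
  </md:EntitiesDescriptor>
  <md:EntityDescriptor entityID="https://idp.a.example/idp"/>
</md:EntitiesDescriptor>"""
FED_B = f"""<EntitiesDescriptor xmlns="{MD}" Name="fed-b.example">
  <EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp.a.example/idp"></EntityDescriptor>
</EntitiesDescriptor>"""
```

In the constructed sample the SP is registered with both federations with differing descriptors, so it is reported in `conflicts` while fed-a's copy is kept; the IdP differs only in serialisation and is merged silently.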
Shibboleth Metadata Aggregator
In Summary
• It’s hard;
• There are multiple ways - both technical and legal;
• Standards aren’t enough, we need common practice;
• It’s confusing to explain to the people who need it;
• We need to adopt new tools to make this happen.
Thanks for listening