...
- OIDC Federations: dynamic, not static discovery
- Policies
- Metadata self-contained, transport and origin independent
--> chain of trust
--> metadata statement
--> Federation "depth" --> tree basically, op and rp can belong to several federations or none - First federations planning to use proxies for OIDC, like Haka
- OIDC for web and smartphone, non-web?
- Work going on at InCommon
- AARC is moving faster forward than REFEDS
- let Maarten and Roland know if you have a use case
EduKEEP
...
Life long learning -> one id
federations in central way
Issues:
- old id is distroyed when leaving organisation
- multiple ids possible
- no support for services when you leave an organisation/community
- multiple concurrent affiliations
--> user-centric approach
--> split authentication and authorisation
--> persistent digital identity
--> longevity
--> inclusiveness
LoA, Link to other initiatives
Implementations:
- SWITCH --> EduID
enriching identity
personal responsibilities of individuals
proxy, might by hybrid (SAML/OIDC) - SUNET --> EduID
- GARR --> eGov ID
User cases:
- Alumni
- Researchers
- Teachers
- Third party Services
Risks:
- Central operations
- Security
- Critical process
- Legal implications
- Financial models
- Government models
High Level Architecture document
Discussion:
- bigger budget on law (–> Pal)
- for new federations in Africa? pricing model needs to be clear
Action Items