Difference between revisions of "Federation"

Revision as of 09:08, 12 April 2021

Full Title or Meme

Wherever a collection of Web Sites band together to create a common set of rules that all agree to be bound by.

Context

• Federation originated in the foederati states that were supported by the Roman Empire in lands bordering the empire. "Less expensive and more efficient in operation, the foederati ultimately became independent rulers of the borderlands, with their interests intersectingin many ways with the policy of their imperial superiors.^[1]
• Federation allow the creation of an Identifier. Ecosystem to be implemented for the imposition of policies that apply to all members of the federation.

Problem

• Most Identity Management systems are constructed to work with a range of publicly accessible sites that do not have all of the security protections that are required in high value transactions.

Solution

In order that a Federation can expose both is principles and its membership to the public a Federation Trust Repository must be maintained and Trusted by users of the Federation.

• OpenID Connect Federation 1.0 - draft 10

  The OpenID Connect standard specifies how a Relying Party (RP) can discover metadata about an OpenID Provider (OP), and then register to obtain RP credentials. The Provider Discovery and registration process does not involve any mechanisms of dynamically establishing trust in the exchanged information, but instead rely on out-of-band trust establishment. In an identity federation context, this is not sufficient. The participants of the federation must be able to trust information provided about other participants in the federation. OpenID Connect Federations specifies how trust can be dynamically obtained by resolving trust from a common trusted third party.

References

1. ↑ Marcin Grodzki, Yeuda D. Nevoll Rocznik Orientalistyczny, vol. LXXI, issue 1, 2018, pp. 55–95

Other Material

• The NIST Cloud Federation Reference Architecture