Federation API

From MgmtWiki
Revision as of 11:33, 3 November 2018 by Tom (talk | contribs) (Problem)

Full Title or Meme

A Federation API is designed to allow communicating parties to determine if the other party is a member of a particular federation and which options of the federation are supported.

Context

Each federation publishes a Framework Profile, which describes the conditions for membership in the federation. The term profile is used in this context because the base assumption is that trust federations are single-rooted in a common trust framework in which all are bound by a set of baseline functional requirements (the BFR).

The existing SAML 2.0 Federation API is purely technical. It is designed to allow one Entity to get configuration data from another Entity where a single Framework Profile is assumed to apply to all entities. As Web Sites discover a need to adhere to more than one Framework Profile because of a diverse set of Users, and the Users are sufficiently savvy to pick and choose from Framework Profiles based on their own needs, a more complex set of conditions needs to be accommodated. In particular, it is expected that Users will be able to query one or more Federation APIs to get a list of Web Sites that meet their query.

Problem

The Federation API needs to address the following set of User expectations.

  1. The user is not familiar with the specific syntax of any federation but wishes to learn more about the members by query.
  2. Framework Profiles will each create a different list of required and optional elements.
  3. Each Federation Office will have its own update cycle with respect not only to its own elements but also to the implemented version of the API.

Solution

References