Speaker
Jouke Roorda
(Nikhef)
Description
The way we, in Research and Education, do identity federation - especially in
collaborations - diers from the `standard' use case that companies have. After
all, in contrary to one identity provider to many services, we want many sources
of identity linked to many services. For many years, SAML has successfully been
coerced into adapting to this model, but the times are changing, and OpenID
Connect (OIDC) and OAuth are starting to enjoy the support of IT companies
- more so than SAML does.
With the years of experience SAML has brought us, we as a community
are able to implement federations in a way that should prevent issues we have
encountered before. This is done in the OIDCfed specication, lead by Roland
Hedberg.
To contribute to this process, we have during the past two years, black-box
tested the OIDCfed reference implementation written in Python, and leveraged
these experiences to create a secondary (HSM supporting) full implementation
of a `Trust Anchor'/Metadata Signing Service (MDSS) - based solely on the on
the specication, especially focusing on ease-of-use and maintainability.
At the time of writing this abstract, we are working towards a library that
supports identity sources and services in their usage of the new specication.
This library too, is going to be a 100% compliant, full implementation of the
relevant parts of the specication, based on sustainable technology.
In this talk, we would like to share our experiences working on the OIDCfed
specication and implementations, and explore the needs of the community with
regards to using this new standard.
Primary author
Jouke Roorda
(Nikhef)
