The implementation of Shibboleth technology requires the development of trust between organisations planning to share resources. This trust can be nurtured through the formation of a federation of interested organisations.
Federations are made up of a group of organisations, usually with a common purpose (e.g. research and education), that trust one another. Federations also need to gain the trust of suppliers or resource providers. Federations operate to a set of agreed rules, some of which will be common to all federations, while others may be useful or necessary to develop locally. Federations can have their own legal status as an organisation in their own right.
Federations commonly exchange information about their users in order to enable transactions and collaboration to occur. This raises a variety of legal issues, and the participating institutions will need to develop a shared set of security and privacy understandings.
At its most basic, a Shibboleth Federation is an agreement between resource (service) providers and institutions (identity providers) wishing to access those resources or services. For sharing to occur, all parties need to agree on a common set of acceptable authorisation attributes for their users, and a schema to describe them.
There is no technical need for federations to exist; however, federations should be useful in simplifying management decisions regarding the sharing of resources between partners. Both technical and policy decisions need to be made, and making these arrangements once to meet the many needs of a community scales better than relying on a series of two-party agreements.
A federation should act as an independent body, managing the trust relationship between the identity providers and the service providers.
In the Shibboleth model the service provider only sees the attributes of a user that allow the service provider to judge whether the user is authorised to access the service. The identity provider supplies the attributes for each user, but does not reveal the identity of individual users. Therefore the service provider has to trust the identity provider.
The federation can act to simplify the relationships between identity providers and service providers, as instead of requiring multiple agreements with each identity provider, the service provider should only need one agreement with the federation.
The attributes continue to be held by the identity providers, and they and the individual users can choose which attributes to release (within the obvious requirement that enough is released for authentication and authorisation to be granted).
The federation would also be expected to:
vet new members (in particular the service providers and identity providers);
maintain a list of members;
set policies that the federation members can agree to.
Policies should ensure privacy and security for the federation members, for example by specifying which certification authorities are acceptable.
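The release decision described above (the identity provider sends only authorisation attributes, never the user's identity, and only to a vetted federation member whose certificate comes from an accepted certification authority) can be modelled as a small policy check. The following is an added example, not Shibboleth code; the member list, CA names, entityID and user record are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed federation records (not real entities): vetted members with the CA that
# issued each member's certificate, and the CAs the federation's policy accepts.
FEDERATION_MEMBERS = {"https://sp.library.example/shibboleth": "ExampleFed CA"}
ACCEPTED_CAS = {"ExampleFed CA"}

# Federation-wide default release: enough for authorisation, no identifying attributes.
DEFAULT_RELEASE = {"eduPersonScopedAffiliation", "eduPersonEntitlement"}
# Attributes an SP needs at minimum to make an authorisation decision (assumed here).
REQUIRED_FOR_AUTHZ = {"eduPersonScopedAffiliation"}


@dataclass
class ReleasePolicy:
    """Local choices layered on the federation default."""
    per_sp: dict = field(default_factory=dict)       # entityID -> extra attrs agreed bilaterally
    user_withheld: set = field(default_factory=set)  # attrs this user declined to release


def release_attributes(sp_entity_id, sp_cert_issuer, user_attrs, policy):
    """Return the attribute set the IdP sends to the SP, or None if the SP is refused.

    The SP must be on the federation member list and present a certificate from the CA
    recorded for it (which must itself be an accepted CA); only then are attributes
    released, limited to what federation default, bilateral agreement and the user allow.
    """
    if sp_entity_id not in FEDERATION_MEMBERS:
        return None  # not a vetted member: no agreement, no attributes
    if sp_cert_issuer not in ACCEPTED_CAS or FEDERATION_MEMBERS[sp_entity_id] != sp_cert_issuer:
        return None  # certificate does not meet the federation's CA policy
    allowed = (DEFAULT_RELEASE | policy.per_sp.get(sp_entity_id, set())) - policy.user_withheld
    return {name: value for name, value in user_attrs.items() if name in allowed}


def can_authorise(released):
    """True if the released set still carries what the SP needs to authorise."""
    return released is not None and REQUIRED_FOR_AUTHZ <= set(released)


# Constructed user record held only at the identity provider.
USER = {
    "uid": "jsmith",
    "displayName": "J. Smith",
    "mail": "jsmith@idp.example",
    "eduPersonScopedAffiliation": "staff@idp.example",
    "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms",
}

if __name__ == "__main__":
    print(release_attributes("https://sp.library.example/shibboleth", "ExampleFed CA", USER, ReleasePolicy()))
```

Note that a user who withholds every required attribute is still refused nothing by the IdP; the SP simply cannot authorise them, which is the trade-off the text's parenthetical describes.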