Towards User-Centric Identity Federations

Identity federations are undergoing an important internal transformation to reach new levels of functionality and to provide benefits in a continuously changing environment. On one side, there is the drive to provide better services to end users. In this respect identity federations are focusing on providing services from a more user-centric perspective, thereby giving end users more power to manage their own digital identities. On the other side, identity federations are undergoing strong modification due to external factors. In many countries and communities a profound reorganisation of the federation basis is underway: some are providing more centralized structures to offer more advanced services, others are experiencing strong governmental and banking initiatives in the field of digital identities. Both of these trends lead to the further decoupling of authentication and authorization functionality in the federations. Where authentication can be handled by a central function in the federation (EduID) or might even be externalised (BankID, Government ID), the role of the institutions will move from identity provider (authentication) to attribute provider. Attributes add the relevant Research & Education context to identities, as needed for authorization decisions by Service Providers, or provide academic information about users. This trend offers new attribute providers like ORCID an opportunity to hook into the whole federation. Within GN4 phase 1, an activity called EduKEEP was started to model and discuss this new architecture for identity federations. The shift towards a more user-centric model and the decoupling of authentication, attributes and authorization will be described and explained together with real case scenarios.


