This week, I had the pleasure of presenting at this year’s InCommon ConFab. Jacob Farmer of Indiana University and the rest of the InCommon team put together a great day-and-a-half program. Putting people like Bob Morgan (University of Washington), Ken Klingenstein (Internet2), and Anil John (GSA FICAM) on stage to talk about federated identity challenges not only the audience but also the speakers. Even though Bob, Ken, Anil, and I all had different perspectives, there were some shared themes.
Federated authorization is the real game… a few people are playing it
The predominant focus of federation has been to establish single sign-on, but federated authentication is just a small part of the much larger federated identity game. Even where some communities of interest such as aerospace and defense, education, and the US federal government have formed to foster federated environments, federated authorization is quite immature, especially compared to authentication. Simply put, it is what happens after SSO that should be our keen interest. BTW, I’ll have more to say on this throughout the year and have a talk on it at Catalyst as well.
Context is key but we aren’t sure what it is
Each of us acknowledged the importance of context, especially in authorization and privacy-related scenarios. But an astute audience member pointed out that none of us had defined it. I’m still working this out, but here’s an early set of thoughts. Strictly speaking, context attributes are what’s left over when you eliminate subject and resource attributes. But what is that? I can think of at least two sets: external and shared attributes. External attributes include time of day, current load on the server, and weather conditions. Shared attributes are, as the name implies, attributes shared by subjects and resources, such as relationship. This is an incomplete set, and the problem of defining and representing context definitely needs more than just a few of us tinkering with it.
Speaking of that… I’ll be at IIW next. Anyone interested in kicking federated authorization and/or context around? See you in Mountain View.
Ian Glazer - Gartner: A Few Thoughts from the InCommon ConFab http://blogs.gartner.com/ian-glazer/2012/04/27/a-few-thoughts-from-the-incommon-confab/