2016 Technology Exchange

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

UK Federation 2.0: This Time It's Personal

Time 09/26/16 02:30PM-03:20PM

Room Bayfront B

Session Abstract

The UK Access Management federation turns 10 years old in late 2016. In that time, it has grown to over 1,000 members, encompassing higher education, further education, schools and research, health, local government, commercial providers, and also a small (but growing) amount of other related sectors. In that time, we’ve learned a lot of lessons about running a large SAML federation, and thought a lot about what might be happening over the next 10 years.

In the summer of 2016, the technical infrastructure and support team underpinning the UK federation will be transitioning from being provided by EDINA (a Jisc centre for digital expertise & online service delivery based at the University of Edinburgh) to being provided directly by Jisc.

We are going to use this transition as an opportunity enhance the infrastructure underpinning the UK federation. This will involve some changes in technology, in processes, and in functionality available to our customer base. These changes include enhancing the Shibboleth MDA to include APIs for managing federation membership and entities within a version control repository backend, enabling customers to make use of a self-service portal or to interact directly with the APIs. They will also allow Jisc to spin up whole new federation instances - i.e. federation as a service - that federation operators (either at the national or campus level) might wish to make use of, or to deploy directly themselves on their own infrastructure.

In this session, Rhys, Mark & Phil will present a detailed overview of the changes to the UK federation infrastructure, the enhancements to the Shibboleth MDA, and the areas where we will be retaining current practice - discussing the reasons we’ve chosen these particular design patterns based on our 10 years of experience and where we see the future of SAML federations moving towards. Finally, there will be discussion about what Jisc sees as desirable in the future of management of SAML federations – including whether the SAML federation operator community (including campus-level federations) should be consolidating on a small set of well maintained management tool sets rather than everyone duplicating effort and creating their own, whether there’s a place for a Federation as a Service offering for large federations, and whether federation operators should be using shared infrastructure where possible.


Speaker Rhys Smith Jisc

Speaker Mark Williams Jisc

Primary track Trust and Identity

platinum Sponsors

gold Sponsors

silver Sponsors

supporter Sponsors