Demonstration: GÉANT-TrustBroker – Dynamic Automated Metadata and Attribute Conversion Rule Exchange

16/06/2015 13:30-14:00
Demonstration area
The number of National Research and Education Networks (NRENs) participating in the international inter-federation eduGAIN is continuously increasing. To make full use of eduGAIN, a common technological basis must be established for all Identity Providers (IDPs) and Service Providers (SPs), e.g., through the pre-exchange of SAML metadata. The metadata includes information about the communication endpoints and public keys. eduGAIN’s Metadata Distribution Service (MDS) aggregates all metadata into one file, signs it and distributes the file to all inter-federation participants via the member federations. This approach has its limitations, e.g., when IDPs and SPs cooperate with organizations outside of eduGAIN and the national federations, since Federated Identity Management (FIM) cannot be used automatically. Another aspect of the common technological basis is the user information, i.e., the attributes and the different schemas used in the federations. IDPs have to create conversion rules to fulfill SPs’ attribute requirements. This often results in waiting times for users when the IDP first needs to write these rules.