What is a Federation?
A federation is a collection of organisations that agree to interoperate under a certain rule set. A federation generally defines a set of attributes and distributes metadata representing this information. In general, each organisation participating in a federation operates one Identity Provider for its users and a number of Service Providers. With a single, unique login, a student or staff member can access online applications at participating organisations.
What does a federation provide you?
Without a federation, a user registers with each resource they want to access and usually gets a new username and password pair, also known as credentials, for each one. Users and administrators are confronted with the following problems:
- Too many credentials: users receive a separate username and password for each resource they want to access.
- Complicated user registration: each resource administrator has to register the users themselves.
A federation simplifies the processes for all parties involved:
- Simplified registration: a user only needs to register once within their organisation. This ‘home organisation’ is responsible for user-related information and provides the user with the credentials.
- Simplified administration: thanks to the single login it should be easier to streamline the administration within the organisation.
- Authentication: the user’s organisation carries out the authentication and can provide additional information about the user to the resource upon the resource’s request and with the user’s consent.
- Access control: a decision made by the resource based on the retrieved information about the user.
A federation is based on the concept that resources rely on user authentication carried out at the user’s organisation and obtain from that organisation the information about the user that they need for their authorization decisions.