What is a Federation?

A federation is a collection of organisations that agree to interoperate under a certain rule set. A federation generally defines a set of attributes and distributes metadata representing this information. In general, each organisation participating in a federation operates one Identity Provider for its users and a number of Service Providers. With a single, unique login, a student or staff member can access online applications at participating organisations.

What does a federation provide you?

Without a federation, a user registers with each resource they want to access and usually gets a new username and password pair, also known as credentials, for each resource. Users and administrators are confronted with the following problems:

  • Too many credentials: users receive a separate username and password for each resource they want to access.
  • Complicated user registration: each resource administrator has to register the users themselves.

A federation simplifies the processes for all parties involved:

  • Simplified registration: a user only needs to register once within their organisation. This ‘home organisation’ is responsible for user-related information and provides the user with the credentials.
  • Simplified administration: thanks to the single login it should be easier to streamline the administration within the organisation.
  • Authentication: the user’s organisation carries out the authentication and can provide additional information about the user to the resource upon the resource’s request and with the user’s consent.
  • Access control: a decision made by the resource based on the retrieved information about the user.

A federation is based upon the concept that resources rely on user authentication at the user’s organisation and obtain from that organisation the information about the user that they need for their authorization decisions.
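The flow described above can be sketched in a few lines. This is an added example, not code from any federation's software: the organisation names, attribute names and function names are assumptions, and an HMAC over a shared key stands in for whatever signing mechanism a real federation's metadata carries.

```python
import hashlib
import hmac
import json

# Constructed federation metadata: one signing key per home organisation.
# Assumption: a shared HMAC key stands in for the federation's real trust material.
METADATA = {"idp.uni-a.example": b"constructed-demo-key"}

def idp_issue_assertion(idp, user_record, requested, consented, audience):
    """Home organisation: release only attributes that were requested AND consented to."""
    released = {k: v for k, v in user_record.items()
                if k in requested and k in consented}
    body = json.dumps({"issuer": idp, "audience": audience,
                       "attributes": released}, sort_keys=True)
    sig = hmac.new(METADATA[idp], body.encode(), hashlib.sha256).hexdigest()
    return body, sig

def sp_authorize(body, sig, sp_name, required):
    """Resource: trust the assertion only via metadata, then decide on attributes."""
    claims = json.loads(body)
    key = METADATA.get(claims.get("issuer"))
    if key is None:
        return False, "issuer not in federation metadata"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    if claims.get("audience") != sp_name:
        return False, "assertion issued for another resource"
    attrs = claims.get("attributes", {})
    for name, allowed in required.items():
        if attrs.get(name) not in allowed:
            return False, f"attribute {name} missing or not permitted"
    return True, "access granted"

if __name__ == "__main__":
    # Constructed user record held by the home organisation.
    user = {"affiliation": "student", "mail": "alice@uni-a.example"}
    policy = {"affiliation": {"student", "staff"}}
    sp = "library.uni-b.example"
    body, sig = idp_issue_assertion("idp.uni-a.example", user,
                                    {"affiliation", "mail"}, {"affiliation"}, sp)
    print(body)                                   # mail is withheld: no consent
    print(sp_authorize(body, sig, sp, policy))
    print(sp_authorize(body, sig, "wiki.uni-c.example", policy))
```

The resource never sees the user's password or any attribute the user did not consent to release, and it rejects assertions from issuers outside the metadata or addressed to a different resource.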