One of the major themes running throughout the 2014 Internet2 Global Summit wasTrust and Identity. Major initiatives are underway with Internet2 members to develop a framework architecture for a global identity and trust infrastructure. This follows on the work that has been done by the I2 community with InCommon, but now is expanded to include areas like MultiFactor Authentication (MFA).
While I applaud this effort, I’m a bit jaded. Is the OSHEAN community interested in Federated ID? Are we interested in having trust relationships between members? To date, I have not seen a compelling use case that hasn’t already been handled. I thought, for instance, that the hospital community and medical schools might be candidates, but have been told that credentials are already handled among the institutions. I have not heard of a push for a unified student credentialing system for K-12 in RI, yet I see pilots taking place around the country.
The length of time it has taken to make progress in this area also fills me with trepidation. I think back to the early days when Microsoft was championing single sign-on—the days of the birth of Federated ID. I don’t know about you, but I have seen very few instances of even the basic single sign-on other than logging into a website with my Facebook or Google ID.
I do see great potential for this in federated clouds. The use of a Federated ID and authentication schema for accessing an organized multi-cloud resource pool could prove invaluable. To that end, Internet2 has mandated the implementation of InCommon amongst its partners in the Net+ Cloud Services program.
Overall I am interested in learning how our members feel about this area, and if there is a sense that we should be getting more aggressive in examining potential architectures.