[Openid-specs-ab] OIDC identity federation draft

Roland Hedberg roland.hedberg at umu.se
Fri Apr 8 08:35:18 UTC 2016


I’ve been sitting on this for a while but have deemed it ready for a bigger audience now.

I’ve been involved in SAML2 identity federations for quite some time now and as soon as I got involved in 
OIDC I started to think about how one would build an identity federation based on OIDC.

In the GEANT project I’m part of (GN4-1 JRA3T2) we have as a work item the production of a proof-of-concept 
implementation of an OIDC identity federation.

This document:


describes the ideas that we want to test.

We’ve also gone further and have implemented all the necessary parts.
Which will allow us to, in the near future, set up pilots. 
In fact, we have a number of SAML2 based identity federation in Europe that are interested in trying this out.
Not as a replacement of the SAML2 federations but as a complement.

Anyway, I really would like to have you guys read the document and give us feedback on how it can be improved.

— Roland

”I posit that life is better when you possess a sustaining practice that holds your desire, demands your attention, and requires effort; a plot of ground that gratifies the wish to labor and create — and, by so doing, to rule over an imagined world of your own.” - Anna Malamud Smith

More information about the Openid-specs-ab mailing list