[Openid-specs-ab] FW: OIDC identity federation draft

Nick Roy nroy at internet2.edu
Mon Jul 11 22:41:24 UTC 2016

Thanks - Roland and I have had some back channel conversations about bits that are needed to support federation operators dictating various behaviors of OPs.  Do I need to re-propose that stuff here, or is me having mentioned it to Roland (and some of it is on the REFEDS oidcre list) good enough?



On 7/11/16, 4:28 PM, "Openid-specs-ab on behalf of Mike Jones" <openid-specs-ab-bounces at lists.openid.net on behalf of Michael.Jones at microsoft.com> wrote:

On the working group call today, a decision to adopt this document was made, subject to working group feedback on the mailing list.  Please review this document by Monday, July 18th and provide any comments, positive or negative, on its adoption.

Technical feedback on the specification is also welcomed and can be incorporated in subsequent versions following adoption.

                           -- Mike (writing as working group secretary)

-----Original Message-----
From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Roland Hedberg
Sent: Friday, April 8, 2016 1:35 AM
To: openid-specs-ab at lists.openid.net Ab <openid-specs-ab at lists.openid.net>
Subject: [Openid-specs-ab] OIDC identity federation draft


I’ve been sitting on this for a while but have deemed it ready for a bigger audience now.

I’ve been involved in SAML2 identity federations for quite some time now and as soon as I got involved in OIDC I started to think about how one would build an identity federation based on OIDC.

In the GEANT project I’m part of (GN4-1 JRA3T2) we have as a work item the production of a proof-of-concept implementation of an OIDC identity federation.

This document:


describes the ideas that we want to test.

We’ve also gone further and have implemented all the necessary parts.
Which will allow us to, in the near future, set up pilots. 
In fact, we have a number of SAML2 based identity federation in Europe that are interested in trying this out.
Not as a replacement of the SAML2 federations but as a complement.

Anyway, I really would like to have you guys read the document and give us feedback on how it can be improved.

— Roland

”I posit that life is better when you possess a sustaining practice that holds your desire, demands your attention, and requires effort; a plot of ground that gratifies the wish to labor and create — and, by so doing, to rule over an imagined world of your own.” - Anna Malamud Smith

Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net

More information about the Openid-specs-ab mailing list