Logotype Swami
Sunet logotype

SWAMI Identity Federation – SWAMID

For a basic introduction to what an identity federation is, read the tutorial in the documents section (only in Swedish). In the documents there is also an introduction to Shibboleth.

SWAMID – The identity federation for the Swedish higher education community


Our goal with SWAMID is that it shall be the only identity federation needed in the Swedish higher education community for the foreseeable future. We are therefore planning for SWAMID to provide an infrastructure for federated services with several federation technologies. Initially the identity federation will support CWAA, eduroam
and Shibboleth (or SAML). Depending on the demand in the community, more federation technologies will be added to SWAMID.

An organisational framework to build trust between members


An identity federation is an organisational framework designed to make it possible for each of the member organisations to use their own enterprise directory and authentication mechanism for authentication (and possibly attribute release) to services provided by other members of the federation. The organisational framework is normally based on a policy that determines the principles for the governance of the federation as well as the rules and procedures for membership. The members sign an agreement to comply with the rules and obligations in the policy. The object of the organisational framework is partly to build trust between the members, concerning the practices for authentication and identity management.

The multitech approach


The norm for identity federations has so far been: one federation for one federation technology. We have chosen a different concept for SWAMID. By including several identity federation technologies under one common organisational framework, we believe we will achieve economies of scale with regards to the number of identity federation technologies provided to the user community. We expect the costs for the central administration of SWAMID to be lower than they would be for several parallel identity federations. We also expect the common identity federation framework to reduce the membership and identity administration costs at the member level.

In our view, the work of organising and maintaining an identity federation is largely independent of the particular federation technologies. For example, one has to decide on procedures for membership applications and so forth. These routines can largely be same for several federation technologies. Further, the identity management of the identity providers in a federation should meet a common standard. The rules concerning identity management for identity providers in a federation are not necessarily dependent on the federation technology.

To accommodate several federation technologies in SWAMID we have adopted a strategy with one common policy and several tech specific addenda. The common policy will to a big part focus on the rules concerning identity management, the governance of the identity federation and routines and procedures concerning membership. The addenda will concern tech specific rules. This forms a layered structure of agreements, so it will be possible to join for example the eduroam part of the federation without joining the Shibboleth federation.

The common policy will not restrict membership in SWAMID to organisations in the higher education community. Any organisation that meets the conditions of the common policy and the conditions of at least one addendum can join the SWAMID. The addenda can restrict eligibility to only certain types of organisations, which will be the case in the eduroam addendum.

There are additional presentations on SWAMID in the documents section.

SHARE
Share |