We (@ekupris and @tobiaspc) presented our research paper Automated Where Are You From at TDI/OSW 2024.
This issue is based on resulting discussions on how to integrate A-WAYF's functionality into FedCM.
It primarily addresses the application of FedCM in multilateral federations, e.g., in the research and education (R&E) sector.
However, it might also be relevant for other sectors, such as Open Banking.
Multilateral federations differ from bilateral ones in the following ways with regard to FedCM:
There can be thousands of IdPs that users can choose to authenticate with at an RP
Session lifetimes are usually short
Where Are You From/discovery services are used to find a user's home IdP
R&E IdPs usually do not offer a direct login page
RPs are not explicitly registered at the IdP
These differences directly relate to the issues and considerations presented below.
To avoid overloading this issue, we have divided it into several distinct sub-issues, each of which we discuss in detail.
Issues
FedCM's IdP registration, the "any"-mode, and the button mode were presented at OSW 2024.
These functionalities could be utilized to further accommodate R&E use-cases.
However, we believe that certain issues persist, and some of these could be addressed with our suggestions.
IdP filtering, so that only compatible ones are presented to the user: Issue 1
Organization Chooser, if there are multiple IdPs registered with no logged-in accounts: Issue 2
Considerations for FedCM in R&E
While thinking of a PoC design of FedCM at our university IdP, we collected some considerations for the usage of FedCM in the R&E context:
Direct login at IdP via loginURL is usually not possible out of the box
RPs are not explicitly registered at the IdP, so receiving client metadata needs to be well thought out
They are described in detail in this issue: Issue 3