Early-bird Discount
expires in
Register Now

Agenda

Multilateral Federation: The Solution to the Problem that Identity Wallets Don’t yet Understand They Have

Multilateral Federation: The Solution to the Problem that Identity Wallets Don’t yet Understand They Have

Combined Session
Thursday, June 06, 2024 15:10—15:30
Location: B 09
Watch the video
Log in to download presentations

SAML and OpenID started with a simple model of bilateral trust. Relying Parties register with Identity Providers and exchange trust information so that the RP can know that they are talking to Microsoft, Google, Facebook etc. We have also had Smart Cards (PIV/CAC) for authentication based on a certificate signed by someone that chains back to a known trusted root. The smart card approach avoids the RP needing to register but has significant user privacy issues. The research and education communities have long understood the scalability issues with these approaches. This led to the development of SAML2 and SAML metadata being used to represent more complicated trust relationships, where a single RP may allow identities from hundreds of Identity providers without needing to set up bilateral relationships. 

We are now entering a new world of Identity Wallets that look a lot more like multilateral federations than a simple one-to-one relationship. For these sorts of credentials to be scalable, we need to represent how a RP/Verifier can be part of perhaps hundreds of overlapping trust groupings. While it might be practical in just the EU to issue special TLS certificates to RP so that they can ask for credentials, that quickly breaks down if multiple countries outside the EU decide that is a good model.

This presentation will look at proposed trust models and explore how a number of implementations are using OpenID Federation to address these scalability issues.

John Bradley
Distinguished Architect
Yubico
Mr. Bradley is an Identity Management subject matter expert and IT professional with a diverse background. Mr. Bradley has over 15 years experience in the information technology and identity...
Almost Ready to Join EIC 2024?
Reach out to our team with any remaining questions
Get in touch