After stretching our imaginations and perspectives in the future-looking scenarios, we used a “stone soup” exercise to identify some of the biggest issues or “stones” we could think of facing academic interfederation and put them all in a “cauldron” for further contemplation. The European tale of “Stone soup” is itself one of collaboration, where a leader is able to motivate a community into sharing all the ingredients necessary to create a resource that nurtures all. [Story]

In this exercise, everyone contributed the insights they had from the survey of the community, the scenarios and subsequent discussions, and their own experience as "stones". (See initial "stones" document.) We compared reactions to the stones, looking for common themes and for connections between the stones and the issues that emerged from previous exercises (see 'After "simmering"' document at right for comments and connections). This was distilled to a "Summary of the Stones," included below.

Summary of the Stones

exported from report draft version "October 14, 2022" on 2021-07-21

INCLUSION: 

One common theme in the stones below is inclusion, whether that be of market segments not currently engaged with academic federation, underserved institutions, individuals, or protocols. What can we do to ensure that more people are able to join and benefit from academic interfederation? This helps drive "brand" awareness and provides a better value proposition. Providing easier methods of entry into academic interfederation helps more organizations join, and provides an entry method for future IAM professionals to start learning. This all requires coordination. However, the idea of what academic federation is isn't the same for all users. This calls for standardized profiles to be asserted.

Actions

  • Start (or increase) outreach through non-traditional channels. These might include software communities concerned with other IAM approaches, but also those concerned with application platform stacks, operating systems, etc. The goal is to understand their issues and determine if/how multilateral federation would fit into their environments. This is likely to be a reach outside of academia, but technologists in academia are not as “academic” as they once were.
  • Act on what is learned in partnership with these communities, both to deliver value and to enlist more members into the federation community.
    • Actions are not only for “us.” For example, encourage inclusion of Academic Federation in popular platform stacks.
  • Identify (and possibly certify) commercial and non-commercial services that can be utilized by institutions and service providers to facilitate their participation in the Academic Interfederation.
  • In general, “embrace and extend,” but think of the Internet, not Microsoft (no “exterminate”).


ACADEMIC INTERFEDERATION MEMBERSHIP & EXPANSION

Are R&E federations only of use to R&E institutions? Why no adoption for access/single sign-on etc. at other levels of education (or colleges/universities with no/low academic research functions)? (Alan, +100 Laura)

Actions

  • Academic Interfederation needs to be viewed as a priority at a higher level than the technologists. Identify advocates from vice-chancellors / vice-presidents for research, instruction, business, student services, etc. Get them talking to their peers at other institutions.


ACADEMIC INTERFEDERATION:

Our goal and vision is the Academic Interfederation. National federations, etc. are means to that end. Support the mission of the Academy. Things can be better: we can improve, and we know the problems. The challenge to be met is to make it easier to participate.

“The Academy has a long history of both providing and accepting credentials within its varied membership. As Academic Inter-federation has evolved in both the technical and policy spheres this foundation has been reflected in the design choices that differentiate Academic Inter-federation from other types of credential issuance and management. As a special case, the Academy must defend its use cases through mutual agreement and shared technical standards. In order to preserve and extend the values of Academic Inter-federation we need:

  • A shared model of governance that is lightweight enough to allow for regional differences and which encourages and supports new entrants
  • Mutually agreed technical standards and a shared vocabulary for expressing attributes
  • An overarching organization which can coordinate inter-operation and represent Academic Interfederation interests when interacting with external entities (One voice / storytelling; Leadership)
  • A strong culture of mutual support and continued innovation. This must include the continued development of internal talents and use cases.
  • Acknowledge and strengthen the local sources of authoritative information that underpin sources of truth.” end - Lucy

 

ACADEMIC INTERFEDERATION Leadership

There is no voice that speaks for Academic Interfederation as a whole. Such a voice is needed to speak to the various pieces, national R&E Federations and other parts of the federated access ecosystem, to help them present and evolve a common service, and to speak to stakeholders about how to use that common service. That voice must have sufficient standing to speak with assurance on behalf of all of the pieces, yet it cannot be authorized in a top-down way: Academic Interfederation is not that type of confederation. However, an agreement among the willing can be created, and national R&E Federations can sign on to it when they are ready, similar to the eduGAIN agreement.

Actions

  • Create an interim governing body, answerable to the existing national federations, to begin to address the issues raised in this report over the next 2 (3? 5?) years, plus:
    • Work with the national federations to determine ongoing governance.
    • Create a work plan for the following years.
  • Most of the work will be by volunteers, but ensure resources for core support, travel, outreach, education etc.


NAMING ACADEMIC INTERFEDERATION  (BRANDING) -  IN ORDER TO PROMOTE THE PERCEPTION OF VALUE: 

How can Academic Federation be branded, named, identified? We need to be better at telling success stories for federation. (Dedra) People are not aware of Federated access. Need to create more awareness programs about Federated Access, especially in countries like India. (Raja) (+1 Dedra) Also, “federated identity” has been overtaken by the enterprise services world; “multilateral federated identity” is clunky.

  • Major next step action for report. Audience REFEDs?

ACADEMIC INTERFEDERATION BASELINE & STANDARDS

National federations, etc. are means to achieve Academic Interfederation. But are national federations the real barrier to world-wide federated access? National federations are not barriers, but most international initiatives require action by all national federations, so effort is higher and progress is slower. We need to foster more open interfederation. Currently, there are barriers in the form of federation-specific metadata filters and the fact that each federation must support certifications like R&S for SPs. We recognize each federation may have internal goals and purposes that are driven by the needs of the communities the federations serve. Extending federated identity beyond the reach of local connections to global interoperation, however, is the promise that the many federations work towards, together. A voice for academic interfederation could identify commonalities among national federations to enhance their alignment with Academic Interfederation and foster shared solutions among multiple nations, reducing effort and speeding progress.

Actions

  • Position the national federations to be sponsors / cheerleaders for advancing the Academic Interfederation.
  • Establish processes for creating initiatives and tracking their progress
  • Structure initiatives so that they have specific timelines that have been accepted by the national federations.
    • Structure initiatives with long timelines to deliver increasing value as each national federation completes its part.


EXPERIENCE CREATING THE SCENARIOS

We have existential anxieties:

RELEVANCE & VALUE

The perceived benefits that we provide have shifted (providing a trusted network > provisioning specific, unique information (attributes) about individuals). We need to evolve to ensure that we remain relevant. (Laura Paglione, +1 Dedra)

Actions

  • (See NAMING ACADEMIC INTERFEDERATION  (BRANDING))


EVOLUTION & GROWTH

R&E space used to be up there with the latest tech and advanced ideas… where is OpenID Connect? (Alan, +1 Laura) On-campus directories going? As institutions move to outsource with Google/MS their directories are now in the cloud (Azure etc. service integration). (Alan) There is a whole ecosystem of different ID solutions out there - are the current federations too isolated from other activities? (Alan)

Actions

  • (See INCLUSION.)


SUSTAINABILITY

The current Federation people are getting older… where’s the next generation? Who will support what is being done into the future? (Alan)

Actions

  • (See INCLUSION.)


COMPETITION/AGENCY 

If we don’t do it, someone else will (Laura Paglione) - Plenty of products to support easy authN/Z -- but the global access is only supported with personal credentials. Many “good enough” solutions to the very hard problem of global access with institutional credentials that is the goal of academic interfederation. If the “good enough” is significantly easier, cheaper, the effort to meet full academic interfederation will not be made, and we have to settle for the second best “good enough.”

  • We seem to be spending a lot of time chasing the latest “remote authentication” technology (SAML 1, SAML 2, AD, OIDC, XYZ, …). Inspired by the Internet Protocol (IP, a single “inter” protocol that runs over many different types of networks), is there a way we could generalize a multilateral architecture that leverages these primarily-bilateral technologies in a lower layer? (Stone 25)

Actions

  • “Embrace and extend”

PARTNERING

But we see partners: 

Lead through partnership. Managed services are not the enemy. Need to provide the kind of services people are looking for (Dedra, +1 Laura, +1 Judith) Leverage the experience gained building national federations to support the growth of industry-specific federations (make the technology we have shown to be successful in R&E relevant in other sectors). Federation as a Service (Dedra, +1 Laura)

Actions

  • (See INCLUSION.)

MAKE IT EASIER FOR SERVICES (IdP & SP) TO PARTICIPATE 

And a way to success

The key to success is adoption. Be patient, facilitate adoption through collaboration (bottom up over top down). (Dedra, +1 Laura) Expand the benefits of federation to those that don't have the expertise to take advantage of federations in house. (Richard Frovarp)

  • Complex configurations needed (but to what end? What would we lose if we remove the complexity?) 
  • Long startup times (“plug and play” solutions are selling their ease of implementation, at least some are choosing this - do we provide a better alternative to the easy path?)
  • Implementation/engagement out of reach for too many (can we bring them into the community without their technical & engagement overhead going up?)

Actions

  • (See INCLUSION.)

MAKE IT EASIER FOR ORGANIZATIONS TO UNDERSTAND TRUST & ACADEMIC INTERFEDERATION (Some link here with the perceived value but at the organizational level)

Policy language. Attribute release; business model of the federations, motivation for joining and the value. Too valuable to ignore; value offsets potential liability. Distinguish from “identity federation” - enterprise solution language.

C. Lee: Trust means many different things, it can be defined by multiple criteria. We should have simple categories of trust, different levels that can be achieved by known methods. This would help organizations understand what they need to do.

C. Lee: The term Federation is being used in different ways. Some people use it to mean just Identity Federation, others use it as just a vague term of some type of collaboration (when in fact it may just be “data aggregation” w/o actually bridging identity silos). There need to be clear definitions for these.

Actions

  • (See NAMING ACADEMIC INTERFEDERATION  (BRANDING))


FEDERATIONS CAN BE MADE EASIER USING “FEDERATION AS A SERVICE” (back to partnering)

Professional societies. Verticals 

Actions

  • (See INCLUSION.)


[Story] “Stone Soup,” Wikipedia. 03-Jul-2021 [Online]. Available: https://en.wikipedia.org/w/index.php?title=Stone_Soup&oldid=1031737270.

Initial "Stones"

exported from report draft version "20200708 Stones 1-31" on 2021-07-21


After "simmering"


exported from report draft version on 2020-09-02, exported to PDF on 2021-07-21


Consommé - verifying distillation included all the contributions
