Customer 2 Business – Will Federation Really work?
Session Topic: Customer 2 Business: Will “Federation” really work?
Convener: George Fletcher
Notes-taker(s): George Fletcher
Possible "federation" models
1. Enterprise as IdP
2. SaaS provider as IdP
3. Employee selects IdP for SaaS provider contracted by enterprise
4. Consumer to Business
Focus is on "federation" model #4
Note that "federation" in the consumer-to-business model isn't a true federation, in that there is no central management of policy and rules.
Use cases not really supported today
1. Consumer re-verification (e.g. when making a purchase to ensure it's the same user)
- At the protocol level, this may need some signaling from the RP as to the riskiness of the transaction
2. Step up/down authentication (as determined by the RP)
3. Online Customer Care
- a. "Forgot IdP" flow (as a "forgot password" flow doesn't make sense)
- b. "Forgot the identity used at the IdP" flow
- c. "IdP unavailable" flow (the user can't log in to their IdP)
- d. Account recovery by binding a new IdP to an existing account
- e. Limited temporary access (allow user to access service but in a limited capacity)