OTTO = Open Trust Taxonomy for Federation Operators

From IIW
OTTO - Open Trust Taxonomy for Federation Operators
Wednesday 4H

Convener: Mike Schwartz

Notes-taker(s): Mike Schwartz


Tags for the session - technology discussed/ideas considered


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Federations: a central organization that lowers the cost of collaboration by providing standard security policies and practices, standard legal agreements, and technical schema. A good example of a multi-party federation in the higher education industry is InCommon: https://www.incommon.org/

OTTO is a working group at Kantara that is leading an effort to define APIs and data structures to enable federation operators to support new protocols like OpenID Connect and OAuth 2.0. It builds on the experience gained by operating SAML federations, and tries to better address requirements like:

  • making the federation metadata more searchable
  • better scaling inter-federation
  • providing more flexibility for schema extension

OTTO defines a few actors:

  • Registration Authority - the organization that provides the technical administration (i.e. hosts the database and web servers) for one or more federations
  • Federation Operator - the organization that is responsible for making the rules, setting the technical standards, and vetting members.
  • Organizations - the legal entities that join federations
  • Federation Entities - the services operated by an organization that are listed in a federation.

The "standard," which really needs official formatting, can be found here:

https://github.com/KantaraInitiative/wg-otto

There is a test federation generator here:

https://otto-test.gluu.org:8080

A test implementation of OTTO has been completed by Gluu. The code is here:

https://github.com/GluuFederation/otto-node

The APIs have been deployed, and can be tested live here via Swagger UI:

https://otto-test.gluu.org/swagger

The test implementation showed that the approach defined by the WG is feasible. Specifically, the ideas for querying the underlying metadata and for browsing the data were shown to scale.

There is also a Presentation on OTTO from EIC here: https://prezi.com/vbh50clio1h7/eic-kantara-otto/