Trust and Internet Identity Meeting Europe
5-6 Feb 2018: Workshops and Tutorials
7-8 Feb 2018: Unconference

Workshops and Tutorials (free)

| Title | Contents |
|---|---|
| DP CoCo | GÉANT Data Protection Code of Conduct |
| FIM4R | Federated Identity Management for Research Workshop |
| Federation Boot Camp | How to federate identity management across organizations. Concepts, state-of-the-art and alternatives. See the detailed agenda below. |
| Hub & Spoke | Meeting for Hub & Spoke Federation Operators |
| IdPy Dev Meeting | IdentityPython/SATOSA Developer Meeting. See |
| IDM OSS Sessions | 3 tracks for Open Source IDM Projects: (a) 2 Tutorials to get started or expand know-how, and (b) a workshop “Consumer to contributor”. See the detailed agenda below. |

Federation Boot Camp

This is a comprehensive workshop for IT managers and engineers who start or scale up identity federations. Speakers will cover architectural, technical and organizational topics, and introduce privacy, legal and economic aspects. The objectives are to obtain a comprehensive overview of options and alternatives for X2Y Identity Management (B2B, B2C, ...), and a more detailed insight into WebSSO federation with SAML and OIDC. Outline:

Monday Afternoon
  • Architectural options (central IDP, mesh, hub+spoke) and alternatives (consumer-/eGovernment-ID)
  • Fundamental federation concepts based on SAML-based Web-SSO mesh model
    • Trust management
    • SAML metadata anatomy
    • Resource registries, aggregators and registration policy
    • Attribute release
  • Crypto management
  • Federation policy for B2B and B2C
  • PKI-based federations and integration of non-web clients with SAML
Tuesday Morning
  • Advanced SSO federation concepts
    • Interfederation
    • Virtual Organizations
    • IDP of Last Resort
    • Mobile apps in SAML WebSSO
  • Options for OIDC-based federations (OIDC ‘proper’, OIDCfed)
  • Hub-and-Spoke Federation architecture and use cases
  • Federated provisioning

Speakers: Peter Schober, Walter Hötzendorfer, Roland Hedberg, Lukas Hämmerle, Rainer Hörbe, Raoul Teeuwen, Patrick Curry, Peter Gietz, Wolfgang Pempe

IDM Open Source Software Sessions (free)

Track Descriptions

Track 1: Shibboleth/Federation Operator Tutorial [David Huebner, Wolfgang Pempe, Rainer Hörbe]

  • Introduction to Shibboleth (SP, IdP, Metadata Aggregator)
  • pyFF as alternative to Shib MA
  • IDP Capabilities with Plugin-Interfaces
  • Hands-on part: Install and configure Shib IdP + SP; walk through SP on-boarding; Detect and fix typical configuration errors

Track 2/1: Keycloak [Peter Pfläging]

  • Introduction to Keycloak, an OSS IDM system supported by Red Hat.
  • Use cases that are suitable for Keycloak.
  • Demo to get the idea of different possibilities to set up an IDM system with GUI and scripting.

Track 2/2: Midpoint [Katarina Valalikova]

  • Introduction to MidPoint, an OSS IDM and identity governance system.
  • Explain traditional IDM use cases such as provisioning, synchronization, self service, entitlements and password management, and advanced features related to governance, risk management and compliance.
  • Short demos will show real examples.

Track 3: Workshop Consumer to Contributor

| Project | Speaker |
|---|---|
| Shibboleth/Federation Operator Tutorial | David Huebner, Wolfgang Pempe, Rainer Hörbe |
| WAYF’s GO stuff | Mads Petersen |
| IdentityPython | Heather Flanagan |
| Midpoint | Radovan Semančík, Katarína Valaliková |
| Comanage | Benn Oshrin |
| Keycloak | Peter Pfläging |
| pyFF, pyeleven with HSM | Peter Schober, Rainer Hörbe |
| Data Sync Frameworks (Aegis, didmos) | Thomas Warwaris |
| Shibboleth OIDC | Janne Lauros and Henri Mikkonen |
| SimpleSamlPHP | Jaime Pérez Crespo |
| Moderator | Ralf Schlatterbeck |

Unconference (paid)

The unconference uses an agile format with participant-driven contents, covering the attendees’ current interests. TIIME’s format has been designed for solving trust and identity issues and for developing and sharing new concepts. If you are looking for a substantial discussion on this subject, it is likely that you will meet the right people here!

To get an idea of the contents, look at Topics or the proceedings from previous conferences.


Patrick Curry: “Business Cases for Trust & Identity Federation”

Requirements for trust and identity federation are becoming more complex and demanding. The basics are the same in every case, but their architectures vary to meet different functional and user requirements. We explore the increasing need to reuse identity in more use cases and in more ways, to reduce costs and risk, and see how this leads to new collaborative opportunities for wider interoperability and greater shared benefits.

Ralf Schlatterbeck, Thomas Warwaris: “From Trust to (P)ownership. Establishing Trust for IoT and User Devices.”

The IoT is based on constrained devices with limited crypto capabilities. The requirement to secure device-to-device communication is a fundamental challenge. This talk presents some concepts and their pitfalls. Not only in IoT, but with any user device, the trust assumptions require scrutiny. Trusted computing and DRM (digital restriction management) include trust relationships to different stakeholders who might not be the user.