Trust and Internet Identity Meeting Europe
11-14 Feb 2019: Workshops and Unconference

TIIME 2018: What will federations look like in 15 years?

(Lukas Hämmerle)

What will Identity Federations look like in 5 and 15 years in terms of:

* Protocols used
* Architectures
* Business Models/Funding
* Services offered

Synopsis:

To make the process easier, we should probably start by having an idea of how it will be in 5 years, bringing it closer to reality. Going around the room to hear everyone's ideas: What protocols will be supported? What business models will federations have, funding-wise?

David K: In 5 years it will be much the same as now.

Kjeld: In healthcare I think we will have the same protocol (SAML2) we have now.

Lukas: If we look back, we started with SAML1, then there was SAML2. SAML1 is now gone in our federation, and we have seen Moonshot was there briefly. OpenID was hyped for a few years also.

Peter C: We are seeing a difference, with SPs connecting much faster than IdPs. New SPs use the OpenID Connect connector, for example. On the IdP side, not one IdP has asked us (SURFconext) to be an IdP for OpenID Connect. It would be interesting to see the transfer from one to the other.

Peter P: It is interesting to see how society changes in the next 15 years. The education environment is different from others, the private sector for example. I see that in commercial services, SaaS is moving strongly in the direction of mobility.

Lukas: Mobility in the sense of different devices?

Peter P: Apps for specific tasks, not only in the sense of different devices. At the moment the development in this sector is so rapid that it relies a lot on what is supported by the application for its use of identity-providing services. We will strongly go in the direction of identity-providing services. They are becoming continuously smaller and more specific. Today there are various apps working simultaneously in the work environment, so identity providing is a very hot topic. 15 years ago this wasn't the case. There are specific parts like federation for governments, providing services for smaller communities. Now it is coming on stronger on the business side, related to the legal side of it also.

Peter C: It is now much more under the flag of security, knowing the times of logging in and what was used. Before, it was under the flag of getting the right authorization etc. One of the things I think is that in 15 years we will all be supporting devices in our federations, in addition to supporting people's identities.

Rainer: Remote labs, for example.

Peter C: These devices are becoming more and more autonomous, and they need their own identity by now.

Kjeld: That is a problem legislation-wise.

Scott: There was a female robot in Saudi Arabia that got citizenship some time ago. She would need an ID too. There are obscure scenarios we could think of; we don't know how society will change in 15 years. Maybe churches run federations. Maybe we will no longer be identified as we are now, but with some sort of MRI identifying service, via brain patterns, to prevent misuse for example. We have seen that the computing power of today is much greater, so the encryption of today is not enough. Is it enough to increase the bit size?

Lukas: You think quantum computers will get rid of security?

Scott: Probably. In 15 years we might have AIs that take care of communication/security protocols.

Jim: Kerberos. It seems we keep reinventing it. We are still going to need symmetric crypto.

Rainer: Do you see any options of it existing outside of an intranet?

Peter P: Don't think so. We must think of services. What organizations were exchanging before were emails and files, static data. Now that is not enough; transactions are needed. We keep going down a path where organizations work interactively via cloud services or apps they are both using. The protocol is becoming smaller. In 15 years I don't know if we will still have TCP communication or another protocol.

Rainer: I think, wishfully, that in 5-10 years we will have a much more integrated workflow, a much better abstraction layer. The concepts of federations will somehow be amended with more workflow-level messages being processed. For larger use cases that could be realistic in 5 years. Federation operators will maybe also just be a messaging hub.

Lukas: More normal, more commodity compared to today? Better integrated? Maybe there is one IdP in the future for the whole country, or?

Markus: Gov IDs will be then relevant also.

Rainer: For low-level security yes, but you still have to provide attributes into a certain concept.

Pichler: That is more attribute providing than identity providing.

Peter C: We have started rolling out a more centralized identity-providing process in the NL.

Peter P: I always have the avatar view. As a physical person you have many avatars nowadays, and each of them has a couple of attribute sets, which are their levels of roles in the community.

Rainer: Another point is that in the 90s we had the first integration for hypertext, then we started provisioning users for many applications. The real point is how I can enable an app portfolio for users that is consistent. This is more related to a consistent UI, role management, a virtual organization that allows for full integration.

Peter C: Maybe SCIM will finally take off.

Scott: One thing I see for the next 5 years: an IBM project on metadata exchange and exchange between federations.

David: A question came to me just now. To what extent do we wait and see? Shouldn't we be doing something in the meanwhile?

Martin: I think it is driven mostly by demand and technology advances. Both of these factors then meet in the middle. One of the advantages of federation right now is SSO for end users, and that will be needed in the future as well.

David: On the prediction that we will still have usernames and passwords: that is possibly to be reconsidered.

Lukas: We could also discuss, if we started today in a green field, how everything in the identity realm should be today, not in 15 years. What's the perfect version now?

Rainer: You think of Microsoft and Word as a single thing, one single entity?

Heather: In terms of the architecture, I think we are just reinventing things. Struggling to figure out making a single file into a distributed system and then learning to trust it. Why don't we learn from it and jump ahead by building on it?

Lukas: Maybe because it is easier to start from a single file.

Heather: For sure, but it has really been thought of before, so we could learn from it faster and more efficiently. We are reinventing root zones, different ones with different specialties but the same core.

Peter C: I would think the concept now with federations and SP services could be improved. Why not make it so that the SP and the IdP have only one connection each and simple nodes in between? Federation of federations is already a very dynamic topic.

Martin: I therefore think full-mesh federations will disappear soon. They are not scalable enough. Mesh will only be used for certain IdPs or SPs.

Peter C: It's ridiculous to say an SP will need more than one connection. Leave that to hubs; make connections between them.

Lukas: And then provide these SPs an interface to connect to other ones.

Martin: Maybe give delegated access, but that is then a technical issue.

Peter C: There should be a way to find an IdP in a user-friendly way.

Scott: If we were to start over, would we still have so many entities in the system, with SPs that create identity providers, or is it better to sit here and create a new ID, a new name like Microsoft, and they should all buy that from us? From the aspect of how divided they are now, that would be better. There are now too many players and institutions running the system, and we are just creating it.

Peter C: Centralizing identity?

Scott: Not in a technical form, just not like now, where we have so many actors deciding, but one big central organization that provides the service in the shape and form we intend to provide it.

Peter P: On the other side, central services don't work too often. I would go in another direction. If we had had this knowledge 5 years ago, I would think: why don't we take the ID straight from the DNS? The personal name is in DNS (your avatar).

Lukas: Do you think Facebook and Google will still exist?

Markus: If the GDPR doesn’t crash them.

Rainer: The Microsoft stock always went up after the Christmas letter, so the regulations won't affect it.

Session concluded on the note that all possible speculations are viable!