My youngest son was named in a process involving Naming Game with federated authentication, Foodle polls and cross-federation technology testing. Some of the lessons we learned from setting up a simple, desirable application:

  • Adding entire federations lowers the administrative burden
  • Adding entire federations creates administrative tasks we did not know about (Finding someone Dutch to translate a federation contract to be signed was not really hard in our case. Your mileage may vary; I had a Dutch co-worker next door.)
  • Metadata needs to be massaged, and there is work to be done on standardization and metadata automation. Automated collection of metadata, understandable formats and update propagation are higher on the Feide agenda than they were before we hit the scaling issues.
  • Keeping an OpenIdP for homeless users is smart.  Well, it is smart until they forget their username and start asking questions.
  • Service providers do not know the intended user community. An application's audience morphs as word of mouth travels through the community. Never underestimate the network effects.
  • Mixing anonymous and verified access is necessary in some use cases, but creates work on authorization inside your application. Most applications are touchy about authorization delegation, with good reason.