Applications should perform well in the environment where they live. Requests have been made to domesticate applications for higher education. Some key elements we ask for in a domesticated application:

  • federated login (in our case: support SAML 2.0 with the SAML2int profile)
  • never touch a password; login is handled by the federation (in our case: Feide)
  • consume attributes as defined by eduPerson and additional schemas (in our case: norEduPerson, eduOrg and eduOrgUnit)
  • have a reasonable privacy statement, and act accordingly (in Europe, see the Article 29 Working Party)
  • if there is a need for provisioning, have a well-defined provisioning API (in our case: PIFU)
  • support virtual organizations and external group management
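To make the "consume attributes as defined by eduPerson" and "never touch a password" points concrete, here is an added example of the service-provider side of that contract. It is not code from the original post, from Feide, or from any SAML stack: a small Python sketch that takes a SAML AttributeStatement as a SAML2int service provider receives it (attributes named by OID in the uri NameFormat), maps the registered eduPerson and inetOrgPerson OIDs to their friendly names, and then applies the check a practitioner most often forgets: scoped values such as eduPersonPrincipalName and eduPersonScopedAffiliation are only accepted in scopes the asserting identity provider is registered for in federation metadata. The sample statement, the user kari, the scope example.edu, and the function names are constructed for illustration; the code assumes the SP's SAML library has already verified the Response signature, which it does not do itself.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# SAML2int requires attributes to be named by OID in the uri NameFormat.
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Registered OIDs for a few eduPerson / inetOrgPerson attributes an SP usually needs.
OID_TO_NAME = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.7": "eduPersonEntitlement",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
}

# Values of these attributes carry a scope after the last "@". The scope must be one
# the asserting IdP is registered for in federation metadata; without that check any
# IdP in the federation could assert users belonging to another institution.
SCOPED_ATTRIBUTES = {"eduPersonPrincipalName", "eduPersonScopedAffiliation"}


class AttributeCheckError(ValueError):
    """Raised when an attribute statement fails a policy check."""


def parse_attribute_statement(xml_text):
    """Return {friendlyName: [values]} for the known, uri-format attributes.

    Assumes the enclosing SAML Response has already been signature-checked by the
    SP's SAML stack (not shown here); this step only decides what to consume.
    Unknown OIDs and non-uri NameFormats are dropped, never mapped by guesswork.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("NameFormat") != URI_FORMAT:
            continue
        friendly = OID_TO_NAME.get(attr.get("Name", ""))
        if friendly is None:
            continue
        values = [
            v.text.strip()
            for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")
            if v.text and v.text.strip()
        ]
        attrs.setdefault(friendly, []).extend(values)
    return attrs


def check_attributes(attrs, allowed_scopes, required=("eduPersonPrincipalName",)):
    """Enforce presence of required attributes and scope policy on scoped ones."""
    for name in required:
        if not attrs.get(name):
            raise AttributeCheckError(f"missing required attribute {name}")
    allowed = {s.lower() for s in allowed_scopes}
    for name in SCOPED_ATTRIBUTES:
        for value in attrs.get(name, []):
            local, sep, scope = value.rpartition("@")
            if not sep or not local or scope.lower() not in allowed:
                raise AttributeCheckError(f"{name}={value!r} outside scopes {sorted(allowed)}")
    return attrs


def accept_login(xml_text, allowed_scopes):
    """Parsed attributes on success, None if the statement is malformed or rejected."""
    try:
        return check_attributes(parse_attribute_statement(xml_text), allowed_scopes)
    except (AttributeCheckError, ET.ParseError):
        return None


def make_statement(pairs):
    """Build a constructed AttributeStatement from (oid, value) pairs; test data only."""
    body = "".join(
        f'<saml:Attribute Name="{oid}" NameFormat="{URI_FORMAT}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>"
        for oid, value in pairs
    )
    return f'<saml:AttributeStatement xmlns:saml="{SAML_NS}">{body}</saml:AttributeStatement>'


if __name__ == "__main__":
    ok = make_statement([
        ("urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "kari@example.edu"),
        ("urn:oid:1.3.6.1.4.1.5923.1.1.1.9", "student@example.edu"),
        ("urn:oid:0.9.2342.19200300.100.1.3", "kari@example.edu"),
    ])
    print(accept_login(ok, {"example.edu"}))
    # The same IdP asserting a principal in a scope it does not own is rejected.
    forged = make_statement([("urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "kari@other.org")])
    print(accept_login(forged, {"example.edu"}))
```

The allowed scopes would come from the IdP's entry in the federation metadata, not from configuration typed into the application; a domesticated application gets to trust the value because the federation operator vouches for the scope, which is also why the application never needs to see a password to know who the user is.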

These requirements are basically the same as those you find when people build their private cloud systems from open hosted applications.

The discussion of these issues started among federation people operating university identity federations. Victoriano Giralt says that

“a domesticated application is one that has been adapted to federated access management in some way. I’d even dare to propose levels of domestication:

  1. Domestic species. FIAM has been put in by design, with delegation of AuthN and AuthR to the federation.
  2. Petted species. The application design has allowed the creation of an AuthN(R?) plugin that lets it integrate smoothly with the federation, maybe with minimal local user provisioning.
  3. Tamed applications. They have been made to play in the federated environment by provisioning local users on the fly with some kind of kludge; AuthN/AuthR happens mostly at the application level, but with information carried over from the federation, and they do not ask for a username and password.”

There are wild beasts out there!