May 2011

Kantara Initiative announced this week that CA Technologies, IBM Corporation, SAP AG and UNINETT pass Kantara Initiative SAML 2.0 Full-Matrix Interoperability Testing, SimpelSAMLphp was chosen as an open source solution to join in the testing, after submitting a proposal for why it is key federation software.

SimpelSAMLphp 1.8 passed Kantara Interoperability testing, and does conform to the IdP lite and SP lite profiles of SAML2.0.  This means that our drive to support federated login in a multi-vendor environment has taken another step in the right direction. Many of the federations in higher education operate with a software monoculture (using Shibboleth, which is really good software), but I believe that for federated solutions to permeate every necessary application we must work with a plethora of solutions. It is most important for this to happen on the service provider (SP) side, since the variations on implementation for web applications is huge.


Student mobility is on the rise.  There are a number of different factors interacting, all contributing to the

  • More students in the Erasmus program, now around 200000 students every year
  • Flexible study programs, where part of the education is given by a university not in the same town or even the same country.  The Nordic master programme is one example of join Master ‘s programmes of higher education
  • Project work across institutional borders is rewarded, for example for graduate students involved in research.
  • Going (back) to college for more education is more common, as the skill sets and the learning we need to be comfortable in a complex world challenge us.

Students from outside our universitites need access to both campus services and off-site applications. One challenge we face is how to integrate students from “foreign” origin into our campus identity management systems.  Nothing is more foreign than the institution in the neighbouring town, as their practices confuse us by being similar, yet different.

Some promising work that is ongoing in our community

  1. Cross-federations with the same attribute set (eduPerson) enable an easy way to add users to an existing service.  Prime examples are Kalmar2 and eduGAIN.  The national federations within each country have mechanisms for sharing attributes based on eduPerson, with several extensions. Kalmar2 has made a comparison of key attributes in the participating federations.
  2. RS3G work on exchanging student records on the European level, by feeding information between the student registry systems.  In Feide the student registry systems are the authoritative sources for campus identity management, so if the information is present in the student registry all is well.
  3. REFEDS where the operational federations meet to sort out how federations may help with live scenarios like increasing student mobility.
  4. Technical work on Identity Provider discovery and in Kantara on Universal Login Experience, attacking the student mobility scenario from the user interface and giving the student tools to sort out rights and identity management.  The other side of this puzzle is the rights management, where there is still work to do.

There have also been some work in STORK on student mobility, but so far involving individual universities, interacting with national government eID, without reaching the national level.

I believe in running code, and solutions that get used. This will probably involve the formal student registries, and some sort of interaction from the students with the federation functionality.