Re: SMTP Kerberos Considerations

2011-11-03 13:19:01

Keith Moore <moore(_at_)network-heretics(_dot_)com> writes:
> On Nov 3, 2011, at 12:55 PM, Russ Allbery wrote:
>
>> Federated cross-institutional authentication is a Very Hard Problem.
>
> Trust is inherently not transitive.

Right, and non-transitive and even asymmetric trust is one of the things
that these systems attempt to address.  In addition to non-transitive,
asymmetric trust, you also have to deal with limited information release
issues.  And in some cases you *do* want transitive trust (such as to a
parent organization which has multiple child organizations for which it
vouches), and you have to identify where those cases are and how to
represent them, and how you build exceptions to them.

One needs a *lot* of policy layers, and the overall complexity of the
system is high.  The SAML federation space is probably the most mature
implementation of this, and has some very strong drivers for forming
federations, and it's still messy and constantly evolving, with most of
the agreements made point-to-point.
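As an added illustration (not part of this thread, and not any real federation's policy), the following Python sketch models the properties described above: directed trust edges that are asymmetric and non-transitive by default, explicit vouching by a parent organization as the one transitive case, per-relying-party exceptions to that vouching, and limited attribute release. The organization names (campus-a.example, library.example, and so on) and the specific release rules are constructed for the example; the attribute names are eduPerson-style but the scenario is invented.

```python
"""Toy federation trust model.

Properties demonstrated (constructed example, hypothetical organizations):
  * trust is directed: sp trusts idp does not imply idp trusts sp
  * trust does not chain: A trusts B and B trusts C does not give A trusts C
  * the one transitive case is explicit: sp may accept a parent org's
    vouching for its child IdPs
  * per-sp exceptions carve children out of that vouching (deny wins)
  * attribute release is per (idp, sp) pair and default-deny
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Federation:
    # sp -> IdPs whose assertions sp accepts on a direct, bilateral basis
    direct: dict[str, set[str]] = field(default_factory=dict)
    # sp -> parent organizations whose vouching sp accepts
    trusted_parents: dict[str, set[str]] = field(default_factory=dict)
    # parent -> child IdPs the parent vouches for
    vouches: dict[str, set[str]] = field(default_factory=dict)
    # sp -> IdPs sp refuses regardless of who vouches for them
    exceptions: dict[str, set[str]] = field(default_factory=dict)
    # (idp, sp) -> attributes idp is willing to release to sp
    release: dict[tuple[str, str], set[str]] = field(default_factory=dict)

    def trust_direct(self, sp: str, idp: str) -> None:
        self.direct.setdefault(sp, set()).add(idp)

    def trust_parent(self, sp: str, parent: str) -> None:
        self.trusted_parents.setdefault(sp, set()).add(parent)

    def vouch(self, parent: str, idp: str) -> None:
        self.vouches.setdefault(parent, set()).add(idp)

    def refuse(self, sp: str, idp: str) -> None:
        self.exceptions.setdefault(sp, set()).add(idp)

    def allow_release(self, idp: str, sp: str, attrs: set[str]) -> None:
        self.release.setdefault((idp, sp), set()).update(attrs)

    def accepts(self, sp: str, idp: str) -> bool:
        """Does sp accept authentication assertions from idp?

        An explicit refusal always wins. Otherwise accept on a direct edge,
        or because a parent that sp trusts vouches for idp. There is no
        further chaining: what idp itself trusts is irrelevant to sp.
        """
        if idp in self.exceptions.get(sp, set()):
            return False
        if idp in self.direct.get(sp, set()):
            return True
        return any(idp in self.vouches.get(parent, set())
                   for parent in self.trusted_parents.get(sp, set()))

    def released_attributes(self, idp: str, sp: str,
                            requested: set[str]) -> set[str]:
        """Attributes idp actually sends to sp: nothing unless the trust
        relationship exists, and then only the requested attributes the
        release policy for this exact pair permits (default deny)."""
        if not self.accepts(sp, idp):
            return set()
        return set(requested) & self.release.get((idp, sp), set())


def build_example() -> Federation:
    """Constructed scenario exercising each property."""
    fed = Federation()
    # A state university system vouches for its campuses (transitive case).
    for campus in ("campus-a.example", "campus-b.example", "campus-c.example"):
        fed.vouch("stateuniv.example", campus)
    # The shared library portal accepts that vouching, but has carved out
    # campus-c after a local decision (exception to the transitive rule).
    fed.trust_parent("library.example", "stateuniv.example")
    fed.refuse("library.example", "campus-c.example")
    # Point-to-point agreements: library trusts the partner lab's IdP, the
    # lab trusts campus-a and an outside vendor. Nothing here is mutual.
    fed.trust_direct("library.example", "lab.example")
    fed.trust_direct("lab.example", "campus-a.example")
    fed.trust_direct("lab.example", "vendor.example")
    # Limited information release: campus-a tells the library who you are
    # and your affiliation, but not your mail address.
    fed.allow_release("campus-a.example", "library.example",
                      {"eduPersonPrincipalName", "eduPersonScopedAffiliation"})
    return fed
```

Running `build_example()` and calling `accepts` shows the asymmetry (library accepts lab, lab does not accept library), the absence of chaining (library accepts lab and lab accepts vendor, yet library does not accept vendor), the parent vouching for campus-a and campus-b, and the campus-c exception; `released_attributes` returns the empty set for any pair that `accepts` rejects, so release policy never leaks across a missing trust edge.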

