Gartner Blog Network


A Few Thoughts from the InCommon ConFab

by Ian Glazer  |  April 27, 2012  |  Comments Off on A Few Thoughts from the InCommon ConFab

This week, I had the pleasure of presenting to this year’s InCommon ConFab. Jacob Farmer of Indiana University and the rest of the InCommon team put together a great day and half program. Putting people like Bob Morgan (University of Washington), Ken Klingenstein (Internet2), and Anil John (GSA FICAM) on stage to talk about federated identity not only challenges the audience but also the speakers. Even though Bob, Ken, Anil, and I all had different perspectives there some shared themes.

Federated authorization is the real game… a few people are playing it

The predominant focus of federation has been to establish single sign-on, but federated authentication is just a small part of the much larger federated identity game. Even where some communities of interest such as aerospace and defense, education, and the US federal government have formed to foster federated environments, the maturity of federated authorization is quite immature, especially compared to that of authentication. Simply put, it is what happens after SSO that should be our keen interest. BTW, I’ll have more to say on this throughout the year and have a talk on it at Catalyst as well.

Context is key but we aren’t sure what it is

Each of us acknowledged that importance of context, especially in authorization and privacy-related scenarios. But an astute audience member pointed out that none of us had defined it. I’m still working this out but here’s an early set of thoughts. Strictly speaking, context attributes are what’s left over when you eliminate subject and resource attributes. But what is that? I can think of at least two sets: external and shared attributes. External attributes include time of day, current load on the server, and weather conditions. Shared Attributes are, as the name implies, attributes shared by subjects and resources such as relationship. This is an incomplete set and the problem of defining and representing context definitely needs more than just a few of us tinkering with it.

Speaking of that… I’ll be at IIW next. Anyone interested in kicking either federated authorization and/or context around? See you in Mountain View.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: federation  iam  privacy  

Tags: context  federation  higher-education  incommon  internet2  privacy  saml  xacml  

Ian Glazer
Research Vice President and Agenda Manager
4 years at Gartner
16 years IT industry

Ian Glazer is a research vice president and agenda manager on the Identity and Privacy Strategies team. He leads IdPS' coverage for authorization and privacy. Topics within these two main areas include externalized authorization management, XACML, federated authorization, privacy by design, and privacy programs. Read Full Bio




Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.