Funded in 2016

– Federated Identity Management (FIM) is being used increasingly for different Internet applications, including web and mobile. The demand for cross-organizational collaboration and the proliferation of cloud applications is driving the demand to federate identities. To support FIM there are two main protocols established: SAML and OAUTH2/OIDC, with SAML being used in the majority of use cases for cross-organizational collaboration.

Interoperability between products for FIM, in particular commercial offerings, is still an issue 11 years after the SAML V2 standard was published. Many products lack conformance to the SAML profiles used in federations, leading to extra effort in the integration process. While standards and specifications are available, implementations frequently do not follow these.

There are no comprehensive testing suites available that would provide the metrics to get better. The GÉANT project had funded initial efforts to remedy this situation, which resulted in a proof of concept implementation of a SAML2 test tool, published at Federation Labs (www.fed-lab.org). In the meantime, related test suites have been developed for OIDC has just been initiated.

This project is underway to take FedLab from its current status as a research project and bring it towards service operation. This phase will focus on making a comprehensive test suite available at Federation Labs, which features an improved architecture that will allow improved flexibility in test configurations and easier to use for deployers. It shall establish a community process by being open source, allowing users to contribute and improve test cases and profiles.

As a result, we expect to improve the conformance of products to increase and show clearly where products are failing to meet the profile. Improvements will trickle down in implementations and make federation integration quicker and cheaper. For the end user, access to external resources without giving up security and data protection will proliferate.