A federation is a collection of collaborating organizations that use a common framework for exchanging and handling identity attributes, supporting security processes and infrastructures, and providing overarching policy governing the interaction. Federations greatly simplify and streamline the management of relationships and interoperability with multiple partners.

Institutions and service providers could spend time establishing operating principles, technology hooks, and agreed-upon data exchange elements with each partner, or they could do it once by joining a federation and then leveraging these common elements for many relationships. This reduces the repeated effort of negotiating and establishing technology mechanisms, data exchange, security principles, and so on, for each organizational relationship.

For an explanation of the value of federations and how one works, refer to the Introduction to Federated Access Management animation developed by the UK’s Joint Information Systems Committee.

Shibboleth provides the underlying mechanism for leveraging institutional authentication and exchanging of user attributes for service personalization and authorization.


Shibboleth and SAML have been deployed world-wide as a basis for national and community-based collaboration. In the UK alone, the UK Access Management Federation, supports over five million users with Shibboleth as its underlying technology.

• Interoperability: Current work is being done on a global scale to map current federation policy frameworks (including agreements and practices) to determine gaps in preparation for world-wide integration. The technology interoperability has been demonstrated multiple times and is currently in production. At Internet2, the InCommon Federation and Shibboleth are enabling worldwide collaborators to edit and update the  Shibboleth Project wiki and other project spaces.
  
  
• Membership Requirements: For more information on joining a federation near you, see the current list of federations where you can find out more about membership criteria and requirements of each. For those in U.S., please refer to the InCommon Federation.

In some cases, it makes sense to establish a state or regional federation. You might have different attribute release policies. Or your collaboration team and supporting applications might require higher security. However, you may also want to work with service partners or identity providers in your national federation, too. How do you support both a state/regional and your national federation?

You can address both of these issues by building your own federation on top of InCommon, if you’re in the US. The University of California (UC) System, for example, has done just that, leveraging the security, institutional vetting, and related services that InCommon provides. This allows the schools and their partners to collaborate without having to worry about the details of the infrastructure. For more information on how this might work, see the UC Trust Case Study Foundations for a Federation.