In the world of large scale identity federations the problem-du-jour is how federation operators can connect their federations and share services.
The eduGAIN program led by my good friends Valter Nordh and Brook Schofield, in being a concrete instantiation of interfederation, is starting to reveal operational issues in a number of national R&E federation specifically wrt to how SAML metadata is managed and made available to connected relying parties and identity providers.
A couple of years ago Ian Young wrote a a blog post on an operational model for metadata and Andreas Solberg started work on a basic metadata aggregation profile in part based on those ideas. At the recent tf-emc2 OpenSpace in Zurich Brook ran a session on this topic. These efforts will need to converge in the near future to produce a Standard Model for Interfederation.
In order to support such a model the world needs working code.
Recently (last Monday) me and the SWAMID operations team realized we needed to modernize the way we manage and publish our metadata so I took the opportunity to roll up my sleeves and write some code.
The result is pyFF – Federation Feeder.
pyFF is based on a simple execution model – metadata goes in one end and out the other and in between processing happens in a pipeline of basic operations described by a simple DSL (domain specific language) using YAML syntax. Right now the code is in rapid development and I expect it to be in production for SWAMID very soon.
Check it out and send me comments: leifj at sunet.se