Single hop federation #92

Open
arndt-s opened this issue Jul 29, 2024 · 0 comments
arndt-s commented Jul 29, 2024

Deployments may want to do federation in a single hop. Currently, the document describes a 2-hop federation (first get assertion grant, then present assertion to domain B).

Do we have specific warnings, drawbacks, etc. for this use case? Do we want to describe it?

Just writing down what comes into my head:

Drawbacks

  • AS of domain A loses control
  • Domain B does not know if federation is intended
  • Presented assertion may have been stolen (if not key bound)

However:

  • federation is more resilient (AS of domain A does not need to be available)
  • COGS of AS in Domain A can go down significantly (if federation is primary use case for example)
  • Privacy?! AS of domain A does not know what clients federate to
@arndt-s arndt-s changed the title Single hop "federation" Single hop federation Jul 29, 2024
@arndt-s arndt-s self-assigned this Aug 2, 2024