Customer 2 Business – Will Federation Really work?

From IIW

Session Topic: Customer 2 Business: Will “Federation” really work?

Wednesday 3I

Convener: George Fletcher

Notes-taker(s): George Fletcher


Possible "federation" models

1. Enterprise as IdP

2. SaaS provider as IdP

3. Employee selects IdP for SaaS provider contracted by enterprise

4. Consumer to Business

Focus is on "federation" model #4

Note that "federation" in the consumer 2 business model isn't a true federation, in that there is no central management of policy and rules.

Use cases not really supported today

1. Consumer re-verification (e.g. when making a purchase to ensure it's the same user)

-- At the protocol level, this may need some signaling from the RP as to the riskiness of the transaction

2. Step up/down authentication (as determined by the RP)

3. Online Customer Care

  • a. Forgot IdP flow (as forgot password flow doesn't make sense)
  • b. Forgot identity used at the IdP flow
  • c. IdP unavailable flow (the user can't log in to their IdP)
  • d. Account recovery by binding a new IdP to an existing account
  • e. Limited temporary access (allow user to access service but in a limited capacity)