The Incommon Federation wiki has moved.

Please visit the new InCommon Federation Library wiki for updated content. Remember to update your bookmarks.

Click in the link above if you are not automatically redirected in 15 seconds.



As a prerequisite to interoperation, Identity Providers and Service Providers share each other's metadata, which minimally includes their keys and service endpoints. This is called often called federation. How that metadata is shared determines whether the federation is considered bilateral or multilateral.

Bilateral Federation

Outside of higher education, the most common form of federation is bilateral, that is, an IdP and an SP share metadata via some ad hoc method such as email or a protected web app (i.e., an HTML form). Combined with a contract, bilateral federation enables trusted interoperation between one IdP and one SP.

Multilateral Federation

Multilateral federation usually implies a trusted 3rd party that securely registers and reliably publishes all entity metadata. When combined with a common set of policies, multilateral federation enables trusted interoperation between all Identity Providers and all Service Providers.

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels