BEER is the current attempt at a decent acronym for a new service in the
federated identity space. BEER stands for [Bunch|Bucket|Bag] of End Entities
Registry, and you should be profoundly glad we didn’t go with any of the earlier
names.
You can find out more about it at the project’s wiki; Nicole Harris has a pretty good summary of the idea and what it might mean.
One thing that seems to be confusing people about BEER is that it’s easy to make
the assumption that it’s trying to be a federation along the lines that we have
at present, just with less strict membership rules. I’m not saying that such a
thing wouldn’t have a use (TestShib has been very useful for many people, although it leans so far
towards openness that some would argue that it falls over), but this is not what
BEER is about.
It’s probably more helpful to look at BEER as a new kind of thing, an
independent registrar of metadata. Its job is to assure the authenticity of
the metadata it publishes (in terms of establishing that the metadata for an
entity has a connection to the owner of the associated domain) without
attempting to make guarantees about any of the things you might later layer on
top of that “technical trust”. As such, it’s aiming to be a component in an
overall trust framework rather than a complete solution in the way that many of
the existing federations see their role.
Whether such a service has a long-term role to play depends on whether the various existing federations start to converge in terms of their view of their own roles, and of course whether that convergence is in the direction of monolithic trust or in the direction of separation of the different trust components. Both approaches have supporters, of course, and we’ll just have to see how things work out. It will be obvious from previous posts that I’m in the “separate the concerns, behavioural trust is end-to-end” camp, which I’d broadly characterise as the design we chose for the UK federation, and which I think has worked out pretty well in that community.
By coincidence, I’ll be talking at Federated Access Management 2010 (FAM10)
next week about how to survive a scary post-apocalyptic future in which not
all UK federation metadata originates from the federation’s own members, and
BEER will certainly be on the agenda. As will beer, of course, although
probably not during the talk.