UK Access Management Federation
for Education and Research
The UK federation is operated by Jisc and provides a single solution to accessing online resources and services for education and research. Here is some information on how it works and its benefits.
Eligible organisations are invited to join the current membership.
Latest news
Who's supplying the keys?
Posted on Tuesday, 24 October 2023
A recent incident affecting a very small number of entities in the UK federation has surfaced issues arising from IdPs and SPs using default cryptographic keys. The risk of using a default key is that someone may impersonate you. As a Service Provider (SP) they may obtain information from an Identity Provider (IdP), whilst hard to achieve, it is not impossible. The risk of an IdP using a default key is that someone may impersonate your IdP almost trivially.
Proposals for a Federated Credential Management API
Posted on Tuesday, 24 October 2023
User tracking for digital marketing can violate user privacy on the web. Now that browser vendors are looking to implement methods to stop user tracking, we must ensure these methods do not undermine other frameworks which protect privacy, such as Single Sign On through the UK federation, SAML and OpenID Connect. Jisc is monitoring these proposals from browser vendors and will keep UK federation members updated.
Improving assurance about federated identities
Posted on Tuesday, 24 October 2023
Some services available through the UK federation require more assurance about federated accounts than eduPersonScopedAffiliation by itself. Service owners are asking questions like "has the home organisation seen government-issued photo identification about the account holder?" or "is the identifier re-used when the person leaves?" If you are asking similar questions, you may find the REFEDS Assurance Framework (https://refeds.org/assurance) useful.
Shibboleth IdP version 5 has been released
Posted on Tuesday, 24 October 2023
In September 2023, the Shibboleth Project released version 5 of the Shibboleth IdP. The Shibboleth Project has also given notice that the planned end of life date for version 4 is 1 September 2024. Until then, they will be issuing security patches for version 4 if necessary, although there will be no further functional enhancements.
End of Support for Shibboleth v3 IdP
Posted on Tuesday, 24 October 2023
Shibboleth IdP version 3 reached its end of life at the end of 2020. The Shibboleth project is not providing any security releases for this version and there are no bugfix releases. Please ensure you are not using this version.
UK federation position paper about SAML subject identifiers
Posted on Tuesday, 24 October 2023
The UK federation recommends using eduPersonTargetedID as a pseudonymous persistent identifier when the service needs no personal information to function and you need to preserve privacy for end users.