WAYF to launch new federation architecture and platform

WAYF is currently developing new software for handling the federation's login traffic on its central servers. The launch of this new platform is expected in early April 2018.

Service providers and identity providers participating in WAYF will receive further notification directly. It should not be necessary for them to do anything, however, as their interface towards WAYF will remain unaltered; only WAYF's backend behind the interface changes.

WAYF's new platform implements a hybrid between WAYF's current 'hub-and-spoke' federation architecture (where services and institutions only 'see' each other through WAYF's hub) and the peer-to-peer, or 'mesh', architecture (where services and institutions 'see' each other directly). This will make it far easier for services connected to WAYF to receive logins from foreign institutions in eduGAIN – while retaining the many advantages of having a central hub in the federation, e.g. the technically simple connection and the ability to translate between different federation protocols.

Our new platform is written in Go and will, due to its far smaller codebase and far simpler structure, be markedly easier to maintain than our current platform. It is systematically and thoroughly tested, at both the library and the functional level, and will soon be pen-tested by German XML security experts. In its SAML2 implementation, WAYF's new platform aims at Kantara's Implementation Profile for Federation Interoperability.