Implementing service level agreements in an identity federation
US-11627498-B2 · Apr 11, 2023 · US
US12010559B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12010559-B2 |
| Application number | US-202318187549-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 21, 2023 |
| Priority date | Oct 29, 2020 |
| Publication date | Jun 11, 2024 |
| Grant date | Jun 11, 2024 |
Official abstract text for this publication.
Techniques for dynamically negotiating a service level agreement (SLA) between a roaming device and a visited network (VN) in an identity federation. An identity profile provided to a user device by an identity provider (IDP) is accessed by the user device. The identity profile includes a first SLA criteria. An advertisement from the VN indicating one or more SLAs supported by the VN is received at the user device. The advertisement is received before the user device has associated with the VN. The IDP and the VN are part of a same identity federation. It is determined that the SLA supported by the VN satisfies the first SLA criteria. Upon that determination, an acceptance is transmitted by the user device to the VN, and the user device is associated with the VN.
Opening claim text (preview).
We claim:

1. A method, comprising: accessing, by a user device, an identity profile provided to the user device by an identity provider (IDP), wherein the identity profile includes a service level agreement (SLA) criterion; receiving, at the user device, an advertisement from a visited network (VN) indicating one or more SLAs supported by the VN, wherein the advertisement is received before the user device has associated with the VN, and wherein the IDP and the VN are part of a same identity federation; and upon determining one of the one or more SLAs supported by the VN satisfies the SLA criterion, associating, by the user device, with the VN.
2. The method of claim 1, wherein the SLA criterion comprises a minimum bandwidth.
3. The method of claim 2, wherein the SLA criterion is stored in an identity profile in the user device that was received from the IDP, the identity profile further comprising identity information used by the VN to authenticate the user device with the IDP.
4. The method of claim 3, wherein the user device associates to the VN only after the VN has authenticated the user device with the IDP based on the identity information.
5. The method of claim 1, wherein the SLA criterion comprises a maximum latency.
6. The method of claim 1, further comprising, before associating with the VN: receiving, at the user device, the SLA criterion from the IDP.
7. The method of claim 1, wherein the VN comprises a Wi-Fi network and the user device is a wireless device.
8. The method of claim 1, further comprising: upon determining the one or more SLAs supported by the VN does not satisfy the SLA criterion, outputting at least one of a graphical user interface (GUI) or audio message to a user of the user device, the GUI or audio message indicating differences between the SLA criterion and the one or more SLAs supported by the VN; and receiving, after outputting the GUI or audio message, input from the user whether to agree to one of the one or more SLAs supported by the VN in order to associate the user device to the VN.
9. The method of claim 1, further comprising monitoring, by the user device, compliance of the VN with the SLA criterion.
10. The method of claim 1, wherein the identity profile further comprises identity information; the method further comprising providing, by the user device, the identity information to the VN for authentication.
11. A non-transitory computer readable medium having program instructions embodied therewith, the program instructions executable by a processor of a user device to perform an operation, the operation comprising: accessing, by the user device, an identity profile provided to the user device by an identity provider (IDP), wherein the identity profile includes a service level agreement (SLA) criterion; receiving, at the user device, an advertisement from a visited network (VN) indicating one or more SLAs supported by the VN, wherein the advertisement is received before the user device has associated with the VN, and wherein the IDP and the VN are part of a same identity federation; and upon determining one of the one or more SLAs supported by the VN satisfies the SLA criterion, associating, by the user device, with the VN.
12. The non-transitory computer readable medium of claim 11, wherein the SLA criterion comprises a minimum bandwidth.
13. The non-transitory computer readable medium of claim 11, wherein the SLA criterion comprises a maximum latency.
14. The non-transitory computer readable medium of claim 11, wherein the operations further comprise, before associating with the VN: receiving, at the user device, the SLA criterion from the IDP.
15. The non-transitory computer readable medium of claim 14, wherein the SLA criterion is stored in an identity profile in the user device that was received from the IDP, the identity profile further comprising identity information used by the VN to authenticate the user device with the IDP.
16. The non-transitory computer readable medium of claim 15, wherein the user device associates to the VN only after the VN has authenticated the user device with the IDP based on the identity information.
17. The non-transitory computer readable medium of claim 11, wherein the VN comprises a Wi-Fi network and the user device is a wireless device.
18. The non-transitory computer readable medium of claim 11, wherein the operations further comprise: upon determining the one or more SLAs supported by the VN does not satisfy the SLA criterion, outputting at least one of a graphical user interface (GUI) or audio message to a user of the user device, the GUI or audio message indicating differences between the SLA criterion and the one or more SLAs supported by the VN; and receiving, after outputting the GUI or audio message, input from the user whether to agree to one of the one or more SLAs supported by the VN in order to associate the user device to the VN.
19. The non-transitory computer readable medium of claim 11, wherein the operations further comprise monitoring, by the user device, compliance of the VN with the SLA criterion.
20. The non-transitory computer readable medium of claim 11, wherein the identity profile further comprises identity information; and wherein the operations further comprise providing, by the user device, the identity information to the VN for authentication.
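The device-side decision of claims 1, 2, 5 and 8, sketched as an added example that is not part of the patent text. The field names, SLA names and sample values are assumptions constructed for illustration (the claims define no encoding for the profile or the advertisement), and authentication with the IDP (claims 3, 4 and 10) is not modelled.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class SlaCriterion:
    """SLA criterion from the IDP-issued identity profile (field names assumed)."""
    min_bandwidth_mbps: Optional[float] = None  # claim 2
    max_latency_ms: Optional[float] = None      # claim 5

@dataclass(frozen=True)
class AdvertisedSla:
    """One SLA from the VN advertisement, received before association."""
    name: str
    bandwidth_mbps: float
    latency_ms: float

def shortfalls(crit: SlaCriterion, sla: AdvertisedSla) -> list:
    """List where an advertised SLA falls short of the criterion."""
    diffs = []
    # Written as "not (x >= limit)" so a NaN in the advertisement fails the check.
    if crit.min_bandwidth_mbps is not None and not (sla.bandwidth_mbps >= crit.min_bandwidth_mbps):
        diffs.append(f"bandwidth {sla.bandwidth_mbps} Mbps, need >= {crit.min_bandwidth_mbps}")
    if crit.max_latency_ms is not None and not (0 <= sla.latency_ms <= crit.max_latency_ms):
        diffs.append(f"latency {sla.latency_ms} ms, need <= {crit.max_latency_ms}")
    return diffs

def decide(crit, advertised, ask_user: Optional[Callable] = None) -> dict:
    """Return the association decision for one VN advertisement."""
    report = {}
    for sla in advertised:
        diffs = shortfalls(crit, sla)
        if not diffs:  # claim 1: an advertised SLA satisfies the criterion
            return {"associate": True, "sla": sla.name, "differences": {}}
        report[sla.name] = diffs
    # Claim 8: nothing satisfies the criterion, so show the differences and
    # associate only if the user agrees to one of the advertised SLAs.
    choice = ask_user(report) if ask_user else None
    if choice not in report:
        choice = None
    return {"associate": choice is not None, "sla": choice, "differences": report}

if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    profile = SlaCriterion(min_bandwidth_mbps=50, max_latency_ms=30)
    advert = [AdvertisedSla("basic", 20, 80), AdvertisedSla("premium", 100, 15)]
    print(decide(profile, advert))
```

The advertisement arrives before association, so its values are parsed as untrusted input; the comparisons reject non-numeric (NaN) and negative-latency entries instead of letting them pass the criterion.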