International authentication with eduGAIN, ou comment fédérer les identités au niveau international
58 : International authentication with eduGAIN, ou comment fédérer les identités au niveau international
An identity federation consists of multiple organisations (e.g. universities and research institutes) that agree to use a common infrastructure for authentication and authoirsation. eduGAIN is a global interfederation service that interconnects multiple identity federations, both technically and legally. It allows a user from one identity federation to access services in another identity federation. By September 2013 more than half of all known academic identity federations are already connected to eduGAIN. However, many institutions (e.g. universities) of the participating federations have yet to make the necessary adaptations to become part of eduGAIN. The adoption on institution level currently is slower due to complicated policy and data privacy issues. In particular the release of user information from one jurisdiction to another one.
RENATER has already signed the eduGAIN constitution and implemented the necessary technical changes on the federation level. Therefore, institutions that are members of the Fédération Education-Recherche (FER) can now benefit from eduGAIN as well. By joining eduGAIN, Service Providers can offer their services to a wider audience in the research and education community; this of course requires a few technical changes e.g. regarding the discovery service and the user attribute requirements. The same applies for Identity Providers that want to offer their users access to services operated in eduGAIN; they for example will have to fine-tune the attribute release policies and add a few internationally supported attributes.
The article outlines and explains eduGAIN in general as well as the necessary steps that service operators and institutions in FER need to take when getting eduGAIN-enabled.