Description and Value Proposition

The eduGAIN interfederation service delivers a platform for the trustworthy exchange of metadata through the coordination of technical infrastructure and policy. This supports the needs of federations in establishing a common baseline for metadata interoperability and furthers the goals of federations to operate in a global identity access and service exchange. 

eduGAIN enables federations to exchange service information in a cooperative trust model. Each service offering is delegated to federations and they are able to decide whether this service meets the technical standards of their federation (while a baseline is defined, some federations have more detailed technical requirements). The service’s technical website makes this information available in a transparent manner. The federation certification process requires technical compliance with the Metadata Profile of the eduGAIN Policy Framework. This is achieved through a metadata validation tool allowing federations to monitor their own progress and the progress of other participants.

The eduGAIN interfederation service is deployed using the MDS SAML Aggregator Tool. The aggregation of SAML metadata from member federations is equivalent to compiling a global phonebook of service providers and institutional identity providers that wish to participate in an interfederated environment. The aggregation tool ensures that the information supplied by each federation passes the technical requirements of the interfederation service. Requirements that cannot be programmatically determined are defined in practice statements and reviewed by the eduGAIN Steering Group.

The eduGAIN interfederation service consists of two main elements:

  • eduGAIN Policy Framework.
  • Metadata Distribution Service (MDS).

The eduGAIN Policy Framework details the administrative and technical standards that all participant federations must adhere to in order to enable the trustworthy exchange of service information to support identity, authentication and authorisation between partner federations.

The Metadata Distribution Service (MDS) is the instantiation of the Metadata Profile offering the aggregation of compliant metadata between participant federations.

 

Offering

The eduGAIN service interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community. Through eduGAIN, identity providers offer a greater range of services to their users as delivered by multiple federations in a truly collaborative environment; service providers offer their services to users in different federations thereby increasing their target market; and users seamlessly benefit from a wider range of services.

 

Reason to Act

While at one time NRENs were only expected to provide a reliable national network, today’s users expect a range of additional facilities, such as Single Sign-on access to pan-European federated services. Access to such services is provided through a SAML-based Identity Federation that enables NRENs to participate in eduGAIN. Research and Education is becoming increasingly global, with e-Learning platforms, academic journals and more advanced services such as cloud infrastructure reaching an international audience. Prior to the creation of eduGAIN, federation operators dealt with local identity and service providers, and scalability issues arose when expanding a federation beyond the traditional border of the NREN’s community in order to enable those users to gain access to global services. The eduGAIN interfederation service has now achieved critical mass, having been almost universally adopted by established research and education identity federations worldwide. It is viewed as the only viable solution for emerging federations and is actively working to solve the scalability issues encountered by research infrastructure projects.

 

Customer Experience

Identity holders are able to access multiple services globally, without having to manage extra usernames and passwords. Service providers can access an international user base with only one federation process. Federations can scale their user offering beyond their own borders.

 

Benefits

The eduGAIN interfederation service aims to provide the following benefits to a range of users:

For Federations:

  • More services for members – enables them to access services from different federations.
  • Lower administration costs – thanks to easier technical integration.
  • Saves time – no need for bilateral agreements with other federations.
  • Trusted – secure collaboration and exchange of information.

For Service Providers and Research Infrastructure Projects:

  • Wider audience – offer services to a greater number of users (including international).
  • Lower costs per user – the audience grows without increasing the demand for passwords and user support.

For Identity Providers:

  • Offer more to your users – enables access to a wider range of services than are available locally or nationally.
  • No extra administrative burden – if you are already participating in a federation with WebSSO.

For Identity Holders:

  • Students and Researchers can access a wider range of services than are available nationally or locally.
  • One digital identity and password for all services connected through eduGAIN.


Costs

There is no cost for federations to join eduGAIN.

 

Time

With a mature federation and aligned policy, joining can be accomplished within 1-2 days.

 

Alternatives

Campuses and federations make multiple bilateral agreements outside their borders.

 

Advantages

The eduGAIN service interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community. Through eduGAIN, identity providers offer a greater range of services to their users as delivered by multiple federations in a truly collaborative environment; service providers offer their services to users in different federations thereby increasing their target market; and users seamlessly benefit from a wider range of services.


Engagement

Engagement activities for the eduGAIN service are directed at both federations/NRENs and user communities. The operator community in particular is directly involved in the day-to-day governance of eduGAIN. The eduGAIN team has engaged with the federation operator community to gather feedback on a range of topics. The concluding months of the GN3 project and the initial months of the GN3plus project (covered by this Service Review Report) focussed on a review of the eduGAIN Policy Framework. This framework, initially conceived during the GN3 project, was updated with significant contributions from the community. All existing eduGAIN members adopted this updated policy. Engagement with research infrastructure projects wishing to use eduGAIN takes place via partner federations and directly via the Enabling Users team. Through this team, the eduGAIN community provides expert know-how for research communities looking to integrate their services with eduGAIN. The task seeks to pilot solutions to key user community challenges such as attribute management, non-web use cases, requirements assessments for LoA and other topics. eduGAIN is consistently represented at FIM4R and has been presented at e-infrastructure meetings to organisations such as PaNdata and DASISH.

 


 

 
