- Enables trustworthy exchange of identity information between federations without many bilateral agreements
- Reduces the costs of developing and operating services
- Improves the security and end-user experience of services
- Enables service providers to greatly expand their user base
- Enables identity providers to increase the number of services available to their users
eduGAIN is a worldwide infrastructure that has been operational since 2011. While it provides many benefits for service operators, organisations and users, it also has a few limitations that a service operator should be aware of.
For a Service Provider, publication in eduGAIN allows reaching a large audience of higher education users (students, researchers, staff of higher education institutions) without the technical and administrative difficulties of maintaining and protecting repositories of user credentials. This is because authentication is always handled directly at and by the user's home Identity Provider, while the Service Provider only has to deal with user authorization.

In Identity and Access Management, authentication is the process of confirming a user's identity, usually by verifying the knowledge of a set of credentials (username, password). Authorization is the process of determining the access rights an authenticated user is eligible for. In eduGAIN terms, this means that a user accesses the Service Provider with an assertion of their identity, and the Service Provider trusts that assertion because it comes from a trusted relying party, but it is always the Service Provider that decides which parts of the service this authenticated user should have access to.
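The split described above, as an added sketch that is not part of the original page or any eduGAIN software: the Service Provider accepts attributes only from a known Identity Provider and then applies its own access policy. It assumes the SAML library has already verified the assertion's signature and validity and that affiliation arrives as eduPersonScopedAffiliation values; the entity IDs, scopes and policy are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed stand-in for federation metadata: trusted IdP entityID mapped to
# the scopes (domains) that IdP is registered to assert.
TRUSTED_IDPS = {
    "https://idp.uni-a.example/idp": {"uni-a.example"},
    "https://idp.uni-b.example/idp": {"uni-b.example"},
}

# Hypothetical local SP policy: which affiliations may perform which action.
POLICY = {
    "read": {"student", "staff", "faculty", "member"},
    "admin": {"staff"},
}


@dataclass(frozen=True)
class Assertion:
    """Attributes taken from an assertion the SAML stack already validated."""
    issuer: str                 # entityID of the asserting Identity Provider
    scoped_affiliations: tuple  # e.g. ("staff@uni-a.example",)


def trusted_affiliations(a: Assertion) -> set:
    """Keep only affiliations whose scope the issuing IdP may assert."""
    scopes = TRUSTED_IDPS.get(a.issuer)
    if scopes is None:
        return set()  # issuer is not in the trusted metadata: trust nothing
    accepted = set()
    for value in a.scoped_affiliations:
        affiliation, sep, scope = value.partition("@")
        # An IdP vouching for another organisation's scope is dropped.
        if sep and scope.lower() in scopes:
            accepted.add(affiliation.lower())
    return accepted


def authorize(a: Assertion, action: str) -> bool:
    """Authorization is the SP's decision; unknown actions are denied."""
    return bool(trusted_affiliations(a) & POLICY.get(action, set()))
```

The scope check matters because the Identity Provider authenticates the user, but the Service Provider should still reject attribute values that the Identity Provider is not entitled to assert.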