...
X509 authentication has proven to be scalable and to work for almost any use case, from a technical point of view. New user communities prefer to use other technologies for the authentication, for example username/password based authentication.
EUDAT
Federated access has been one of the goals from the beginning of the EUDAT project. EUDAT infrastructure is designing a new service called B2ACCESS to enable the integration of federated IdP with the EUDAT services. The use cases for this service are:
- Integrating new IdPs and enabling SSO for the users using credentials they already own
- Providing an EUDAT unique identifier for the users
- Providing additional attributes associated to the user identity
- Providing catch-all IdP for homeless users
This solution may support also non federated IdPs, nevertheless it would benefit from federated identity management relying on the LoA and the other best practices implemented in a federation.
As technical solution for B2ACCESS EUDAT is deploying unity-idm.
The level of information available is different in each of the communities and needs to be tackled case by case as more and more communities join the EUDAT infrastructure.
In general the EUDAT experience with AAI solutions is good both in terms of usability and quality delivered. The technologies currently enabled in EUDAT are X509 certificates, SAML2 and OpenID Connect/OAuth2.
B2ACCESS is not yet integrated in eduGAIN, but this is high in the list of priorities, currently it is under testing with an handful of IdPs and users.