What is eduGAIN?
eduGAIN is a global interfederation service that interconnects multiple identity federations, both technically and legally. It allows a user from one identity federation to access services in another identity federation.
Who is participating in eduGAIN?
eduGAIN is developed for the benefit of the higher education and research communities, thus primarilry universities and research organisations. eduGAIN aims at connecting all SAML-based academic identity federations world wide. Around 60% of all academic identity federations are already eduGAIN members. As of 2014, the national identity federations of more than 20 countries were already participating in eduGAIN. Have a look at the eduGAIN Members page to get an up-to-date overview.
Why using eduGAIN?
There are more and more services operated by research and education communities around the world. Most of them need authentication and authorisation. So, they could ask themselves, why not allow users to log in using Facebook Connect, Google, Twitter or another social network?. This saves the user to remember yet another password and there are APIs that make integration sufficiently easy. However, not all users of cloud services have an account on these social networks but they all have an account at their university or research institute. Even if all users had an account at Facebook or similar, there will be a substantial amount of them who won't be willing to use an account, which mostly serves private needs, to also subsribe to a cloud service. Also, none of these social networks is authoritative of the user's affiliation. Also, the social networks can neither ensure a user's identity nor a user's affiliation with a particular (academic) organisation. Both of which is generally the case for eduGAIN users. What's more, wheareas accounts on social networks exist forever, this is not true for an eduGAIN account. If a student finishes his studies or changes his job, his account will be deleted (or at least his identifier will change) and he won't be able to access the cloud services anymore. In the context of services that are operated at special rates or license agreements only for users of the higher education and research community, this automatic deprovisioning ensures that only eligible users have access to these services.
Is eduGAIN open to commercial vendors?
Most federations accept services of commercial vendors as long as there is a benefit for the higher education and research communities. Most companies that offer their services already to one or more federations are either digitial content providers (e.g. Elsevier, Springer, Thomson Reuters, MetaPress, etc.) or they offer specific services/goods to students and staff members of universities (e.g. Microsoft, Apple, alumni organisations, online shops, etc. ). The same companies could also offer their services in eduGAIN via an existing federations, which allows them to extend their user base to the whole world.
How to join eduGAIN?
Only established identity federations can join eduGAIN. Individual organisations and services first have to join an existing identity federation that already is eduGAIN Member in order to become eduGAIN-enabled. Depending on the federation, enabling a service for eduGAIN consists of a legal step (signing a document) and a few technical adapatations (configuring services to accept SAML assertions from eduGAIN entities). If a service or organisation already is federated, the efforts to become eduGAIN-enabled in generally are small. From a commercial vendor's point of view it is to first find an identity federation that already is participating in eduGAIN. Next step would be to become member of that federation and then in a second step become eduGAIN-enabled with the help of that federation. Becoming member of federation is free in most federations. Some federations will charge fees to expose a service of commercial vendors to eduGAIN.
What does IdP, SP, DS, Interfederation, etc. mean?
Please have a look at the terminology page for learn more about some of the most used acronyms and terms.