An identity federation (or just federation) is a collection of organizations that agree to interoperate under a certain rule set. This rule set typically consists of legal frameworks, policies and technical profiles and standards. It provides the necessary trust and security to exchange identity information to access services within the federation.
Some federations also distinguish the organisations that participate. Often there are federation members (e.g. universities and research institutes), which operate services and provide identities, and federation partners (e.g. commercial companies that offer services to higher education users), which only operate services.
In the context of SAML-based federations, there are the following technical components:
- Identity Provider (IdP): The system component that authenticates a user (e.g. with username and passwords) and issues identity assertions on behalf of the user who wants to access a service protected by a Service Provider.
- Service Provider (SP): The system component that evaluates identity assertions from an Identity Provider and uses the information from the assertion for controlling access to protected services.
- Discovery Service(DS): The Discovery Service service, also known as "Where Are You From (WAYF)" service, lets the user choose his home institution from a list and then redirects the user to the login page of the selected institution for authentication.
How many academic identity federations are?
To get an up-to-date answer for this question, please refer to the REFEDS federations page. REFEDS is a group of Research and Education FEDerations funded mostly by a few National Research and Education Networks and the Internet Society.
eduGAIN - The Global Academic Interfederation Service
eduGAIN is a service that interconnects the participating identity federations. They agree on a set of common standards and policies which ensure interoperability. eduGAIN is therefore also called an interfederation service. Its goal is to enable Pan-European Web Single Sign On (Web SSO) for members of the research and education community.
The eduGAIN interfederation service is intended to enable the trustworthy exchange of information related to identity, authentication and authorisation between the member federations. The eduGAIN service delivers this through co-ordinating elements of the federations' technical infrastructure and a policy framework controlling the exchange of this information.
More overview information can be found on www.edugain.org.