The eduGAIN interfederation service delivers a platform for the trustworthy exchange of metadata through the coordination of technical infrastructure and policy. This supports the needs of federations in establishing a common baseline for metadata interoperability and furthers the goals of federations to operate in a global identity access and service exchange.
eduGAIN enables federations to exchange service information in a cooperative trust model. Each service offering is delegated to federations and they are able to decide whether this service meets the technical standards of their federation (while a baseline is defined, some federations have more detailed technical requirements). The service’s technical website makes this information available in a transparent manner. The federation certification process requires technical compliance with the Metadata Profile of the eduGAIN Policy Framework. This is achieved through a metadata validation tool allowing federations to monitor their own progress and the progress of other participants.
The eduGAIN interfederation service is deployed using the MDS SAML Aggregator Tool. The aggregation of SAML metadata from member federations is equivalent to compiling a global phonebook of service providers and institutional identity providers that wish to participate in an interfederated environment. The aggregation tool ensures that the information supplied by each federation passes the technical requirements of the interfederation service. Requirements that cannot be programmatically determined are defined in practice statements and reviewed by the eduGAIN Steering Group.
The eduGAIN interfederation service consists of two main elements:
The eduGAIN Policy Framework details the administrative and technical standards that all participant federations must adhere to in order to enable the trustworthy exchange of service information to support identity, authentication and authorisation between partner federations.
The Metadata Distribution Service (MDS) is the instantiation of the Metadata Profile offering the aggregation of compliant metadata between participant federations.
The eduGAIN service interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community. Through eduGAIN, identity providers offer a greater range of services to their users as delivered by multiple federations in a truly collaborative environment; service providers offer their services to users in different federations thereby increasing their target market; and users seamlessly benefit from a wider range of services.
While at one time NRENs were only expected to provide a reliable national network, today’s users expect a range of additional facilities, such as Single Sign-on access to pan-European federated services. Access to such services is provided through a SAML-based Identity Federation that enables NRENs to participate in eduGAIN. Research and Education is becoming increasingly global, with e-Learning platforms, academic journals and more advanced services such as cloud infrastructure reaching an international audience. Prior to the creation of eduGAIN, federation operators dealt with local identity and service providers, and scalability issues arose when expanding a federation beyond the traditional border of the NREN’s community in order to enable those users to gain access to global services. The eduGAIN interfederation service has now achieved critical mass, having been almost universally adopted by established research and education identity federations worldwide. It is viewed as the only viable solution for emerging federations and is actively working to solve the scalability issues encountered by research infrastructure projects.
Identity holders are able to access multiple services globally, without having to manage extra usernames and passwords. Service providers can access an international user base with only one federation process. Federations can scale their user offering beyond their own borders.
The eduGAIN interfederation service aims to provide the following benefits to a range of users:
For Federations:
For Service Providers and Research Infrastructure Projects:
For Identity Holders:
There is no cost for federations to join eduGAIN.
With a mature federation and aligned policy, joining can be accomplished within 1-2 days.
Campuses and federations make multiple, bi-lateral agreements outside their borders.
Engagement activities for the eduGAIN service are directed at both federations/NRENs and user communities. The operator community in particular is directly involved in the day-to-day governance of eduGAIN. The eduGAIN team has engaged with the federation operator community to gather feedback on a range of topics. The concluding months of the GN3 project and the initial months of the GN3plus project (covered by this Service Review Report) focussed on a review of the eduGAIN Policy Framework. This framework, initially conceived during the GN3 project, was updated with significant contributions from the community. All existing eduGAIN members adopted this updated policy. Engagement with research infrastructure projects wishing to use eduGAIN takes place via partner federations and directly via the Enabling Users team. Through this team, the eduGAIN community provides expert know-how for research communities looking to integrate their services with eduGAIN. The task seeks to pilot solutions to key user community challenges such as attribute management, non-web use cases, requirements assessments for LoA and other topics. eduGAIN is consistently represented at FIM4R and has been presented at e-infrastructure meetings to organisations such as PaNdata and DASISH.