last change: December 11, 2009

ACOnet-AAI


The "ACOnet-AAI Federation", in cooperation with interested ACOnet Participants, is offering a pilot service for federated access and identity management. The federation is based on SAML 2.0 (as implemented in, e.g., Shibboleth or simpleSAMLphp). It emerged from, and incorporates experience gained in, setting up Vienna University's Authentication and Authorization Infrastructure (AAI).

A federation allows service providers (like libraries, databases, etc.) to grant users from other "federated" organizations access to their services without having to locally manage user IDs, usernames and associated passwords. Access is enabled on the basis of a formal contractual relationship, and the necessary access credentials are exchanged within a cryptographically protected environment.

The AAI-Wiki (German language only) provides additional documentation, background and experience with federated Identity Management, in particular regarding Shibboleth and web single sign-on (WebSSO).

More information describing the "ACOnet-AAI Federation" and also the federations of other NRENs can be found in the Wiki of REFEDS (Research and Education FEDerations), a TERENA task force.

Categories of ACOnet-AAI Federation members:

  • Identity Provider (IdP) – provides the required infrastructure for the authentication of users.
  • Service Provider (SP) – provides other federation members with services or access to resources.

An ACOnet Participant may act as both IdP and SP at the same time, while external suppliers can only join as SPs.

The ACOnet AAI Federation will become a regular ACOnet Service when the terms of reference have been finalized and all agreements are in place. The target date for that transition is during summer 2010.