last change: July 08, 2014

ACOnet Identity Federation

The ACOnet Identity Federation is introduced to facilitate and simplify offering shared services across the whole (identity) federation. This is accomplished by using technologies to extend the scope of an (electronic) identity, issued by any member of the federation, to be valid across the whole federation.

ACOnet's Identity Federation Policy defines the federation by specifying procedures and practices, complemented with Technology Profiles describing implementation of the policy in terms of specific technologies.

Categories of members in ACOnet's Identity Federation:

  • Identity Provider (IdP) - provides the required infrastructure for the authentication of users.
  • Service Provider (SP) - provides services to other federation members or allows access to resources.

Any ACOnet Participant may act as both IdP and SP at the same time, while external entities supplying goods or services can only join as SPs.

Membership as IdP
Membership as SP

Currently there are no fees attached to the participation in the ACOnet Identity Federation, neither for IdPs nor for SPs. According to the Policy, any change in the cost model has to be communicated by July 1st for the following year.

The following technologies, specified in the particular Technology Profile, are used in the ACOnet Identity Federation:


eduID is an Authentication and Authorization Infrastructure (AAI) based on SAML 2.0. For details see the SAML WebSSO Technology Profile.

A federation allows service providers (like libraries, databases, etc.) to grant users from other "federated" organizations access to their services - without having to locally manage user-IDs, usernames and associated passwords. Enabling access is based on a formal contractual relationship. The necessary access credentials are exchanged within a cryptographically protected environment.

The Wiki provides additional documentation, background and experience with federated Identity Management; in particular regarding Shibboleth and web single sign-on (WebSSO).

More information describing the ACOnet Identity Federation, and also the federations of other NRENs, can be found on the REFEDS website.



eduroam is an Authentication and Authorization Infrastructure (AAI) based on RADIUS or RadSec. For details see the eduroam Technology Profile.

This infrastructure allows users of participating institutions to access the network (usually WLAN) at other participating organizations, using their home organisation's credentials. This capability requires only minimal administrative overhead. Depending on local policies at the visited institutions, eduroam participants may also have additional resources at their disposal.

Further information can be found at