ACOnet | Services & Tool... | Identity Federation
last change: June 28, 2016

ACOnet Identity Federation

The ACOnet Identity Federation makes it easier to offer shared services across the whole (identity) federation. This is accomplished by extending the scope of an (electronic) identity, issued by any member of the federation, to be valid across the whole federation.

ACOnet's Identity Federation Policy specifies the relevant procedures and practices, as well as technology profiles describing implementation of the policy in terms of specific technologies.

There are two categories of members in ACOnet's Identity Federation:

  • Identity Providers (IdP) - provide the required infrastructure for the authentication of users
  • Service Providers (SP) - provide services to other federation members or allow access to resources.

Any ACOnet participant may act as both IdP and SP at the same time, whereas entities external to ACOnet may join as SPs, thus offering goods or services.

Membership as IdP
Membership as SP

Currently, participation in the ACOnet Identity Federation is free of charge both for IdPs and for SPs. Any changes regarding fees need to be announced by July 1st of the preceeding year.

The ACOnet Identity Federation utilizes the following technologies, as further specified in the corresponding technology profiles:


eduID is an Authentication and Authorization Infrastructure (AAI), based on SAML 2.0. For details see the SAML WebSSO Technology Profile.

A federation allows service providers (such as libraries, databases, etc.) to grant users from other "federated" organizations access to their services, without having to manage user-IDs, usernames and associated passwords locally. Enabling access is based on a formal contractual relationship. The necessary access credentials are exchanged within a cryptographically protected environment.

The Wiki provides additional documentation, background information and experiences with federated Identity Management; in particular regarding Shibboleth and web single sign-on (WebSSO).

More information describing the ACOnet Identity Federation, and also the federations of other NRENs, can be found on the REFEDS website.


eduroam is an Authentication and Authorization Infrastructure (AAI) based on RADIUS or RadSEC. For details see the eduroam Technology Profile.

This infrastructure allows users from participating institutions access to the network (usually WiFi) at the locations of other participating organizations, using their home organisation's credentials. The administrative overhead required for this capability is minimal. Depending on local policies at the visited institution, eduroam participants may also have additional resources at their disposal.

Further information may be found at