Information    Participants

eduGAIN information

The purpose of eduGAIN is to provide the means for achieving interoperation between different Authentication and Authorisation Infrastructures (AAI).

There are a number of AAI systems developed and in use on the national (NREN) level. Shibboleth (Internet2) is the federation technology used in the Research Networks in the US (Internet2), Switzerland, Finland, Germany, Great Britain, Hungary and Greece (more under development). PAPI is used in Spain, A-Select in The Netherlands, simpleSAMLphp in Denmark and potentially Norway. There is also a RADIUS and SOAP (SAML) based AAI used in Croatia. All these solutions have similar goals: enabling the creation of a trusted environment where users can be identified electronically via an Identity Management System.

In order to be granted access to protected resources and services from other federations, users need to first be successfully authenticated by their home AAI and authorised by the visited Service Provider (usually based on attributes expressing a special role of the user). eduGAIN provides the technology necessary for carrying out these steps and thus interconnecting different AAI systems. It therefore plays the role of a confederation - a federation of federations.

The eduGAIN technology involves a translation of protocols between the ones used in local AAIs and SAML as well as a mapping of attributes depending on local definitions. Secure data transport is ensured by the use of encrypted channels of communication between entities. The information needed for locating entities in the different federations is centralised at a Metadata Service, where it can be dynamically queried and updated.

Participants

This list may be outdated, as more and more participants are joining continuously. If you feel like your organization should be listed here, please do not hesitate to contact jaime.perez@rediris.es and ask for inclusion.