EduGAIN

eduGAIN
Purpose: International interfederation service
Region served: Worldwide
Website: www.edugain.org/technical/

eduGAIN is an international interfederation service interconnecting research and education identity federations. It enables the secure exchange of information related to identity, authentication and authorization between participating federations. The service is managed by a team led by TERENA. eduGAIN® is a registered trademark of DANTE.

Service description

The eduGAIN service enables participating federations, which primarily serve the authentication and authorisation interests of research and education sectors, to interfederate. eduGAIN provides an infrastructure for establishing trusted communications between identity providers and service providers in different participating federations. End-users authenticate at identity providers and obtain access to service providers. Technically, eduGAIN is managed by aggregating and distributing signed SAML 2.0 metadata files.

To join eduGAIN, the parent organisation of a federation must sign the eduGAIN policy declaration [1] and submit it to the TERENA Secretariat for the attention of the eduGAIN Operations Team. The Operations Team deals with daily technical issues in the eduGAIN service provision, receives enquiries about eduGAIN and forwards them to the appropriate body, receives and processes applications from federations to join the service, prepares and publishes a federation operational practice statement for the eduGAIN interfederation service, and prepares an audit plan for the eduGAIN operational practices on the request of the eduGAIN Steering Group.

History

The eduGAIN initiative started as a research activity in the project GN2 [2] (2004-2009) co-funded by the European Union, which also provided the funding for the GÉANT network. The eduGAIN service activity [3] [4] started in the successor project GN3 [5] (2009-2013) built upon the eduGAIN that was developed in the GN2 project, but differed from it. [6] On 1 April 2011, eduGAIN became an operational service. [7] [8]

In 2012, the eduGAIN service started to reach beyond Europe, with the Canadian and Brazilian federations joining the service. [9] In the same year TERENA took up the leadership of the eduGAIN service activity. From April 2013, funding of the service was continued as part of the GN3plus project. [10]

Governance

The eduGAIN Steering Group consists of one representative and one deputy representative of each of the federations participating in the service. [11] The Steering Group approves the profiles and documents in the eduGAIN policy framework and their updates, decides about peering relationships, approves the participation of new federations, decides about the disqualification or temporary suspension of participating federations in case of violation of the policy framework, accepts or amends the plan for audits of eduGAIN operations, appoints the Steering Group chair and non-voting invited observers to the Steering Group, and appoints the Operational Team.

Certain decisions of the Steering Group need to be ratified by the eduGAIN Executive Committee, namely changes to the eduGAIN policy framework constitution, the adoption of new technical profiles and other documents in the policy framework that may exclude participating federations from participation in the eduGAIN service, and the approval of major updates to the profiles and documents in the eduGAIN policy framework that are likely to affect any participating federation’s participation in the eduGAIN service. [11] The role of the eduGAIN Executive Committee has been entrusted to the Executive Board of the GN3plus project (April 2013–March 2015). [10]

Geographical deployment

Thirty national research and education federations have been officially admitted as participants in eduGAIN. The corresponding countries are listed below, with the name of their federation and its parent organisation.

Europe

  • Albania - ALBANIAN ACADEMIC NETWORK (RASH)
  • Austria - ACOnet Identity Federation (University of Vienna/ACOnet)
  • Belgium - Belnet R&E Federation (Belnet)
  • Croatia - AAI@EduHr (University of Zagreb - University Computing Centre)
  • Czech Republic - eduID.cz (CESNET)
  • Denmark - Where Are You From WAYF (DeIC)
  • Estonia - Eesti haridus- ja teadusasutustevahelise autentimise ja autoriseerimise taristu TAAT (EENet)
  • Finland - Haka Federation (CSC)
  • France - Fédération Éducation-Recherche (RENATER)
  • Germany - DFN-AAI (DFN)
  • Greece - GRNET Federation Authentication and authorization infrastructure (GRNET)
  • Hungary - eduID.hu (NIIFI)
  • Ireland - Edugate (HEAnet)
  • Italy - IDEM GARR AAI (GARR)
  • Latvia - Latvian Academic Identity Federation LAIFE (LAIFE)
  • Lithuania - Litnet FEDI (Litnet)
  • Moldova, Republic of - LEAF (RENAM)
  • Netherlands - SURFconext (SURFnet)
  • Norway - Felles Elektronisk Identitet Feide (UNINETT)
  • Poland - Polish Identity Federation PIONIER.Id (PSNC)
  • Romania - Agenţia de Administrare a Reţelei Naţionale pentru Educaţie şi Cercetare RoEduNetID (RoEduNet)
  • Portugal - RCTSaai (FCCN)
  • Slovenia - ArnesAAI (ARNES)
  • Spain - Servidor de Identidad de RedIRIS SIR (RedIRIS)
  • Sweden - Swedish Academic Identity SWAMID (SUNET)
  • Switzerland - SWITCHaai (SWITCH)
  • Turkey - YETKİM (ULAKBIM)
  • United Kingdom - UK Access Management Federation for Education and Research (Janet)

Asia-Pacific

  • Australia - Australian Access Federation AAF (Australian Access Federation Inc.)
  • China Mainland - CERNET Authentication and Resource Sharing Infrastructure (CARSI)
  • China Mainland - China Science & Technology Cloud
  • Hong Kong - Hong Kong Access Federation HKAF (Joint Universities Computer Centre Ltd.)
  • Japan - Japanese Academic Access Management Federation GakuNin (GakuNin)
  • Korea - Korean Access Federation KAFE (KAFE)
  • Malaysia - SIFULAN Malaysian Access Federation (SIFULAN)
  • New Zealand - Tuakiri, New Zealand Access Federation (Tuakiri, New Zealand Access Federation, Inc.)
  • Oman - Oman Research and Education Network (OMREN)

North America

Latin America

  • Brazil - Comunidade Acadêmica Federada CAFe (RNP)
  • Chile - Comunidad Federada REUNA COFRe (REUNA)

Africa

  • South Africa - South African Identity Federation SAFIRE (TENET)

References

  1. Mikael Linden; Andrew Cormack; Shannon Milsom; Brook Schofield (2013). eduGAIN Policy Framework Policy Declaration (PDF). DANTE. Archived from the original (PDF) on 2 December 2013. Retrieved 16 November 2013.
  2. "Multi-gigabit European academic network (GN2)". 1 September 2004. Archived from the original on 27 September 2013. Retrieved 12 November 2013.
  3. Carol de Groot; Laura Durnford; Karel Vietsch (2010). TERENA Annual Report 2009 (PDF). TERENA. p. 30.
  4. Laura Durnford; Karel Vietsch (2011). TERENA Annual Report 2010 (PDF). TERENA. p. 35.
  5. "Multi-gigabit european research and education network and associated services (GN3)". 1 April 2009. Archived from the original on 17 April 2012. Retrieved 20 November 2013.
  6. Valter Nordh (2011). Introduction to eduGAIN. Presentation at eduGAIN Federation Operator Training in Vienna (PDF). TERENA. Retrieved 20 November 2013.
  7. Lukas Hämmerle (2011). Trimming your AAI Federation fit for eduGAIN… technically. Presentation at TERENA Networking Conference 2011 in Prague. SWITCH. Retrieved 20 November 2013.
  8. Laura Durnford and Karel Vietsch (2012). TERENA Annual Report 2011 (PDF). TERENA. p. 37.
  9. "eduGAIN - enabling easier access to resources". Connect Magazine. 10: 10. 2013. Retrieved 15 November 2013.
  10. "Multi-Gigabit European Research and Education Network and Associated Services (GN3PLUS)". 1 April 2013. Retrieved 15 November 2013.
  11. Mikael Linden; Brook Schofield; Shannon Milsom (2013). eduGAIN Policy Framework Constitution (PDF). DANTE. pp. 6–7. Archived from the original (PDF) on 2 December 2013. Retrieved 15 November 2013.