Key concepts

Many organisations use Authentication and Authorisation Infrastructures (AAIs) to build a trusted environment where users can be identified electronically using a single identity. The necessity for user identity to cross borders between organisations, domains and services led to the creation of federated identity environments.

Home organisations (e.g. a university, library, research institute etc.) register users by assigning a digital identity. They also operate an Identity Provider and are able to authenticate their users and provide a limited set of attributes that characterise the user in a given context. Resource owners (Service Providers) delegate the authentication to Identity Providers in order to control access to the provided resources.

An Identity federation is a group of Identity and Service Providers that sign up to an agreed set of policies for exchanging information about users and resources to enable access to and use of the resources. There are many Research and Education identity federations around the globe and they commonly have a national coverage. To discover worldwide identity federations, view the REFEDS map.

eduGAIN interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community. The eduGAIN technology involves a “metadata service”, which regularly retrieves and aggregates information from participating federations about Service and Identity Providers, and makes this information available to federations. eduGAIN coordinates necessary elements of the federations’ technical infrastructure and provides a policy framework controlling the exchange of this information between Identity Federations. For an overview of identity federations currently in eduGAIN, visit the eduGAIN federations page.

More technical information about the eduGAIN service is available at the eduGAIN wiki pages.