One of the aspects of the e-Infrastructure is the authentication and authorisation of the users. The technology that is widely used today is federated access.
The key principle behind federated access is that a user's credentials are handled by the user's organisation (typically the user's affiliation), also called the Identity Provider (IdP). The user can log in with the same credentials to different resource providers that have agreed to accept those credentials. In practice the authentication and the authorisation of users are decoupled: authentication is done by the user's organisation, whilst authorisation is done by the resource provider.
What are the benefits?
Federated access reduces the number of credentials users need, increases security because users have fewer credentials to remember, and improves the user experience by offering single sign-on: sign in once, access more resources.
How does that work?
Thanks to agreements between the IdP and the resource providers, users can authenticate at their own IdP, which in turn sends the necessary information to the resource provider. To provide federated access, the resource provider needs to add the necessary technical support. Resource providers should contact the R&E federation operators in their country for technical support.
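The split described above, sketched as an added example (not code from any federation or from this project): the IdP asserts who the user is, and the resource provider checks that assertion and then applies its own access policy. The entity IDs, attribute names and key are constructed, and a shared HMAC key stands in for the public-key signatures that production federations use.

```python
import hashlib
import hmac
import json

# Constructed sample values: entity IDs, key and attribute names are assumptions.
# The HMAC key stands in for the public-key signature a real federation uses.
TRUSTED_IDPS = {"https://idp.university.example": b"demo-federation-key"}
RP_ID = "https://archive.museum.example"
ALLOWED_AFFILIATIONS = {"staff", "researcher"}  # the resource provider's own policy


def _sign(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def idp_issue(idp, key, user, affiliation, audience, now, ttl=300):
    """IdP side: called after the user logged in at their home organisation."""
    claims = {"iss": idp, "aud": audience, "sub": user,
              "affiliation": affiliation, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True)
    return {"body": body, "sig": _sign(key, body)}


def rp_authorise(assertion, now):
    """Resource provider side: verify the assertion, then decide on access."""
    body, sig = assertion.get("body"), assertion.get("sig")
    if not isinstance(body, str) or not isinstance(sig, str):
        return (False, "malformed assertion")
    try:
        claims = json.loads(body)
    except ValueError:
        return (False, "malformed assertion")
    if not isinstance(claims, dict):
        return (False, "malformed assertion")
    iss = claims.get("iss")
    key = TRUSTED_IDPS.get(iss) if isinstance(iss, str) else None
    if key is None:  # no agreement with this IdP
        return (False, "issuer not trusted")
    if not hmac.compare_digest(_sign(key, body).encode(), sig.encode()):
        return (False, "bad signature")
    if claims.get("aud") != RP_ID:
        return (False, "issued for another provider")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return (False, "expired")
    if claims.get("affiliation") not in ALLOWED_AFFILIATIONS:
        return (False, "authenticated but not authorised")
    return (True, "access granted")
```

The resource provider never sees a password: it only checks who issued the assertion, whether it was meant for this provider and is still valid, and whether the asserted attributes satisfy its own policy.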
Videos: Federated Access; Inter-Federation and eduGAIN.
Help us to gather information on the requirements for authentication and authorisation in the cultural heritage community by filling in the DCH-RP questionnaire!