As science and education are becoming global, federated identity is becoming a key part of the digital infrastructure supporting them. Instead of managing a vast number of user names and passwords, we want one digital identity, a “passport” that reuses login information and gives us secure and easy access to all the services and resources we require to study, do research, and collaborate with colleagues across borders.
Research and education networks have spearheaded the development of this digital recycling, in technical terms called “federated identity”, and it is consistently one of the most highly appreciated features of the typical NREN service offering.
Where are you from? And can I trust you? These are the key questions answered 18.3 million times yearly by the Danish identity federation WAYF. WAYF stands for Where Are You From, and the system permits using one single login to access a whole range of web-based services. WAYF creates connections between the login systems at the connected institutions and external web-based services and ensures that users give their consent to have information about them passed on to these services.
WAYF is one of many identity federations, all serving as secure and user-friendly bridges between users and resources in the research and education community. Across the globe, a lot of other similar systems have been built or are in the making. As an example, WAYF is helping a group of South African universities to establish a federated identity service for their users.
Henrik Larsen, director of Danish WAYF, elaborates:
“Also in South African research and education institutions there is a trend towards collaborative research across institutions. Furthermore, researchers need to share large, expensive research infrastructure items. Whenever a user outside an institution wants to access resources at that institution, identity needs to be managed. These are the same challenges that WAYF was created to solve, and we’re happy to help a group of eight South African universities establish a federated identity service. Hopefully, in five years’ time, there will be a solution that is in widespread use in South Africa, not just among the funding universities.”
The many identity federations were originally developed for national use only. Now the increasing globalisation of research and education is challenging the technology. Cross-border interoperability, also called interfederation, is a complex endeavour, and so the global digital recycling centre is developing only slowly.
Leading the way are interfederation initiatives like eduGAIN and REFEDS, connecting identity federations around the world, simplifying access to content, services and resources for the global research and education community.
Henrik Larsen, director of Danish WAYF, explains:
“Nationally these federations work very well, and now we’re finding ways to collaborate internationally. You could compare it to the beginning of international telephony or aviation. It took some time to agree on the principles of how to cooperate. The technical side of things is not the issue. It is more a question of how to handle the trust issues, not least in relation to the differences in legal framework in each country.
“It is difficult to achieve a consensus on how to release the information needed to connect identity providers and service providers. But there is some progress, mainly through the eduGAIN and REFEDS initiatives. They have proposed specific sets of metadata, serving as ‘trust marks’, enabling identity providers to automatically approve service providers carrying these trust marks. Called REFEDS Research and Scholarship and GÉANT Data Protection Code of Conduct, they are slowly gaining traction in the global identity federation community.”
As an example, the American Laser Interferometer Gravitational Wave Observatory (LIGO) joined InCommon, American Internet2’s trust and identity management infrastructure, incorporating the REFEDS Research and Scholarship Entity Category, to allow its hundreds of scientists to use existing credentials from their home university or research organization. This gave the researchers safe and secure access, and single sign-on convenience, to global collaboration tools and resources.
Henrik Larsen, director of Danish WAYF, elaborates:
“As we are slowly solving the problems of identity management and interfederation on a global level, we’ll see an increasing use of the global digital infrastructure of science and education. The key to this is security, accessibility and ease-of-use, and the global research and education network community is working closely together to achieve this.”