Post on 04-Jun-2015
Opening up the Campus Identity
Q. How can you offer a web based service to the academic community that requires authentication and authorisation without asking users to register for an account?
Q. How can you offer a web based service to the your own institution that requires authentication and authorisation without handling the users campus credential?
Q. How do I proove that I am a student online in order to get a discount from an e-retailer?
Q. How to aviod repeatedly asking users to enter credentials as they go from one service to another?
Q. How did RCSI, NUIM and DCU establish a web based service shared by two or more collaborating institutions?
A. Edugate
…so what is Edugate?
•IT Department: “Single-sign-on for staff and students”
•Website operator: “like Facebook login button, but for the academic community”.
•User: “one less password, thanks!”
•Eric Clarke: “the only option when it came to delivering a shared VLE”
•HEAnet: Irish instance of 27 such research and education federations
What is Edugate?
•Edugate is a SAML federation.
•SAML is a single-sign-on protocol
•A SAML federation comprises multiple;
• Identity Providers (IdP) An IdP authenticates users against the campus ldap
• Service Providers (SP) An SP authorises those users based on what the IdP
says about the user
•How it works…
What is Edugate?
IdPp
SP
SPSP
IdPp
IdPp
SP
IdP
Campus Federation SP Private Federation(e.g. alliance)
Social IdP Gateway/Proxy
SP
Identity Providers• All publicly funded Universities, Colleges, IoT’s
• Research Agencies/Institutes
• Cavan VEC
Service Providers• Student Discount
• VLE (Blackboard & Moodle)
• HEAnet (policy for all shared services)
• Internal Campus Services and student run services (SU, Societies)
• Academic Publishers
33 IdP, 55 SP and 50 Internal, 60,000 logins/day
Who is using Edugate
• Interfederation with other federations UK agreement in principle, eduGAIN likely by October
• Integration with social login providers (Facebook/Google etc) http://lirgroup.heanet.ie
• Re-use of groups from service to service
• Identity schema extenstion to include photo, course, year etc.
• Use by non-HEAnet institutions
• Use for identity validation step for MOOC?
Potential or future uses
FIN