Interfederation and eduGAIN

Today, many countries have established a national authentication and authorization infrastructure (AAI) like SWITCHaai. Most of them are SAML-based, which makes them technically interoperable with each other. Interfederation takes place when a user from one federation accesses a service that is registered in another federation. Interfederation services like eduGAIN allow SWITCHaai users to access services operated by universities and research organizations all over the world. Vice versa, services in SWITCHaai can now also be configured to allow AAI users from other countries. Interfederation enables research and education activities to scale their services worldwide.

Goal of Interfederation

The main goal of interfederation is to extend the user community of AAI users to similar user groups beyond the SWITCHaai federation. Provided access control rules allow it, AAI users from other countries can more easily access AAI services operated in SWITCHaai. Vice versa, this will allow Swiss users to access AAI services operated in other countries. Interfederation services like eduGAIN provide a common ground for the federations, such as technical standards and policies, to deploy interfederation for their users and services.

How can I benefit from Interfederation?

Opting in to interfederation support (and thus also to eduGAIN) will allow the users of an organization to access more services. They can access not only services operated in SWITCHaai but also services operated worldwide. In particular, university staff members, researchers and students will be able to participate in research projects that use interfederation (eduGAIN) for authenticated access.
Opting in a SWITCHaai service to eduGAIN allows creating access control rules not only for Swiss higher education users but also for interfederation users from all over the world.

The above explanations are also nicely illustrated and summarized in the short movie below.

What is eduGAIN?

Interfederation is the general term describing the interconnection of AAI services across the boundaries of an identity federation like SWITCHaai. eduGAIN is an interfederation service that is developed and operated by the European GÉANT project. It is one of the first and currently the largest interfederation service in operation. Its purpose is to provide a common set of technical standards, rules and policies that allow services and organizations from different countries to provide and use AAI-enabled services.

Although GÉANT is a European research project, eduGAIN also accepts non-European federations. The federations from Brazil, Canada and Chile have already joined eduGAIN, and others are likely to follow soon.
 

Who is participating in eduGAIN?

The eduGAIN interfederation service started in May 2011. Since then, many national AAIs like SWITCHaai have joined eduGAIN and are ready to interconnect interested services and organizations to eduGAIN. If a federation joins eduGAIN, this does not imply that all of its organizations and services also join eduGAIN. Each organization and service of that federation can then decide whether it wants to opt in to support interfederation or not.

How can users of my organization access Interfederation services?

Every organization can individually opt in to participate in interfederation via eduGAIN. When a SWITCHaai Home Organization wants to enable interfederation support, it first needs to sign the 'SWITCHaai Interfederation Access Declaration' (see the Sample Declaration). Then the configuration of its Identity Provider needs to be adapted. The whole procedure is described on the Identity Provider Interfederation page.

From a data protection point of view, a Home Organization should ensure that its Identity Provider is configured following the legal recommendations described on the page Legal Templates for SWITCHaai. In particular, it is recommended to deploy a user attribute consent module like uApprove.

To start this process, contact aai@switch.ch and the AAI team will support you in getting ready for Interfederation!

How can my AAI service become part of Interfederation?

Every AAI service can individually opt in to participate in interfederation via eduGAIN, provided the Home Organization has already signed the 'SWITCHaai Interfederation Access Declaration' (see the Sample Declaration). To enable a SWITCHaai service for interfederation and thus allow international users to use the service, the configuration of the Service Provider needs to be adapted. The whole procedure is described on the Service Provider Interfederation page.

To start this process, contact aai@switch.ch and the AAI team will support you in getting ready for Interfederation!

Note: Services offered by SWITCHaai Federation Partners cannot yet be enabled for interfederation.

Which institutions have already signed the Interfederation Access Declaration?

Signers of the Interfederation Access Declaration