Trust & Identity for institutions and service providers
For organisations that provide digital identities or online services, the Trust and Identity activities of GÉANT, National Research and Education Networks (NRENs), National Identity Federations and other partners, provide various levels of support and benefit:
- simplifying the secure exchange of information about users of digital identities and services;
- creating a trusted environment in which users' identities and level of authorisation to access services can be validated;
- enabling user identities to cross borders between organisations, services and countries;
- innovating trust and identity technologies, infrastructures and services;
- advocating for and developing policies, relationships and best practices that benefit all parties in the trust and identity environment.
The big picture
Many organisations use Authentication and Authorisation Infrastructures (AAIs) to manage user access to online resources such as service, data, tools and software.
Users such as students, researchers or staff from research and education institutions may be eligible to access particular resources based on their role within the institution or within an international collaborative project. Being able to identify that a person is affiliated with a certain organisation, is who they say they are, and is an authentic user based on their status as e.g. a student is fundamental to the trust and identity solutions that support them.
Many universities, research institutes and other 'home organisations' provide their students, staff, educators and researchers with a digital identity. Acting in this way as an identity provider (IdP), the home insitutions are able to confirm that their identity users are authentic students etc., based on a set of attributes that characterise the users in given contexts.
Providers of services such as library resources, research tools, or content providers - known as service providers (SPs) - rely on identity providers to authenticate users and confirm whether they are authorised to access a given service or resource.
The need for user identities to cross borders between organisations, services and countries led to the creation of identity federations for research and education. Identity federations are groups of IdPs and SPs that agree to a set of policies for the secure and privacy-preserving exchange of information about users and resources. There are many research and education identity federations around the globe, usually with national coverage. The GÉANT community participates in the Research and Education Federations group REFEDS, which articulates the needs of these groups worldwide.
The GÉANT community also developed the eduGAIN interfederation service, which simplifies the interconnection of identity federations and their participating IdPs and SPs around the world.
Find your Trust and Identity solution
Support for Institutions
Authentication and Authorisation Infrastructure (AAI) services help institutions to improve opportunities for research and education collaboration in several ways:
- manage access to their own resources;
- provide their users with access to additional 3rd-party resources via their national identity federation;
- allow 3rd parties such as visitors to have controlled access to the institution's services or resources;
- support mobility of students and staff when they travel across campus or internationally to study or work.
These AAI solutions help institutions to:
- provide a Single Sign-On (SSO) accesss solution that reduces the complexity of user account and password management for -
- students and staff - improving their user experience;
- IT support staff - allowing accounts to be created and managed centrally and reducing the support burden.
These benefits also improve the ability to compete with other institutions as attractive places to study, work and conduct research.
Institutions can support mobility for their students and staff to study and work across campus or internationally with the support of trust and identity services:
eduroam - user mobility with benefits for institutions
Available in tens of thousands of locations around the world, the eduroam global WiFi roaming service uses secure encryption to authenticate students, researchers and staff while they travel for study, work or leisure, easily getting online with just their institution-provided digital identity.
By providing eduroam, institutions support both travel across campus and international user mobility, e.g. through the EU's Erasmus+ programme. The availability of eduroam help make institutions attractive places for study, research, international exchanges and event venues - without increasing the user support burden for IT staff.
Support for eduroam provision by institutions is available at international level from GÉANT and at national level by your national research and education network (NREN).
Erasmus+ - international mobility with Trust & Identity support
Institutions that are eligible for Erasmus+ participation can support student participation in the programme and use of its online tools via one of two routes:
Support for Service Providers
AAI solutions allow service providers to focus on delivering information and services to users without the need to create and manage user accounts and passwords. This allows you to grow your audience by making your service available to a larger number of users around the world, without increasing the burden of administrative support. In this way, trust and identity solutions lower the maintenance cost per user. Federated and interfederated access allow control of access to services on an institution-by-institution basis - permitting faster take-up of services and reducing contract management costs.
If you provide services to research communities...
Increasing numbers of research communities are using eduTEAMS as the basis for tailored authentication and authorisation services and to create and manage virtual teams.
Service Providers who target a particular research community should contact that community in order to connect their services.
If you provide other kinds of services...
Service Providers wishing to make their services more widely available to the research and education community should speak to their national identity federation - see the REFEDS map of federations .
If you provide online student discounts...
InAcademia is the real-time, digital equivalent of asking a student to show their student card so they can access discounts when buying online services and products. Providing a lightweight gateway to the privacy-preserving eduGAIN service to verify student and academic affiliations, InAcademia provides merchants with a quick, easy, reliable and secure way to validate academic affiliation for the student market.