ilta glenn weare-campusid
Opening up the Campus Identity
Q. How can you offer a web-based service to the academic community that requires authentication and authorisation without asking users to register for an account?
Q. How can you offer a web-based service to your own institution that requires authentication and authorisation without handling the user's campus credential?
Q. How do I prove that I am a student online in order to get a discount from an e-retailer?
Q. How to avoid repeatedly asking users to enter credentials as they go from one service to another?
Q. How did RCSI, NUIM and DCU establish a web-based service shared by two or more collaborating institutions?
A. Edugate
…so what is Edugate?
•IT Department: “Single-sign-on for staff and students”
•Website operator: “like Facebook login button, but for the academic community”.
•User: “one less password, thanks!”
•Eric Clarke: “the only option when it came to delivering a shared VLE”
•HEAnet: Irish instance of 27 such research and education federations
What is Edugate?
•Edugate is a SAML federation.
•SAML is a single-sign-on protocol
•A SAML federation comprises multiple:
• Identity Providers (IdP): an IdP authenticates users against the campus LDAP
• Service Providers (SP): an SP authorises those users based on what the IdP says about the user
•How it works…
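The SP-side step described above (authorising on what the IdP says about the user), as an added example that is not from the original slides: a student-discount SP checks a scoped affiliation and rejects scopes the issuing IdP is not registered for. The use of eduPersonScopedAffiliation, the entityID, the scope table and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# OID of eduPersonScopedAffiliation; that the federation releases it is an assumption.
SCOPED_AFFILIATION = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"

# Hypothetical extract of federation metadata: scopes each IdP may assert.
IDP_SCOPES = {"https://idp.campus-a.example/idp": {"campus-a.example"}}

# Constructed assertion. Signature, audience and validity window are assumed
# to have been verified by the SP's SAML library before this code runs.
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
      <saml:AttributeValue>{value}</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
SAMPLE = TEMPLATE.format(issuer="https://idp.campus-a.example/idp",
                         value="student@campus-a.example")


def scoped_affiliations(assertion_xml):
    """Return (issuer, [scoped affiliation values]) from a verified assertion."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == SCOPED_AFFILIATION:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return issuer, values


def is_student(assertion_xml):
    """Grant the discount only for student@<scope> where <scope> belongs to the issuer."""
    issuer, values = scoped_affiliations(assertion_xml)
    allowed = IDP_SCOPES.get(issuer)
    if not allowed:
        return False  # IdP not in the federation metadata: trust nothing it says
    for value in values:
        affiliation, sep, scope = value.partition("@")
        if sep and affiliation == "student" and scope.lower() in allowed:
            return True
    return False


if __name__ == "__main__":
    print(is_student(SAMPLE))
```

The scope check is what stops one campus IdP from vouching for another institution's students; without it the SP would accept any `student@...` value from any federation member.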
What is Edugate?
[Diagram: IdPs and SPs. Labels: Campus, Federation, Private Federation (e.g. alliance), Social IdP Gateway/Proxy]
Who is using Edugate
Identity Providers
• All publicly funded Universities, Colleges, IoTs
• Research Agencies/Institutes
• Cavan VEC
Service Providers
• Student Discount
• VLE (Blackboard & Moodle)
• HEAnet (policy for all shared services)
• Internal Campus Services and student run services (SU, Societies)
• Academic Publishers
33 IdP, 55 SP and 50 Internal, 60,000 logins/day
Potential or future uses
• Interfederation with other federations: UK agreement in principle, eduGAIN likely by October
• Integration with social login providers (Facebook/Google etc) http://lirgroup.heanet.ie
• Re-use of groups from service to service
• Identity schema extension to include photo, course, year etc.
• Use by non-HEAnet institutions
• Use for identity validation step for MOOC?
FIN