Identity Services

Identify services will be provided by Maeen for simplifying user collaboration across the academic and research community locally and internationally. Maeen’s user expects a range of additional facilities such as access to European or American federated services. Providing such services becomes easier with an Identity Federation concept.  Large international research projects are another specific group with strict requirements for an Authentication and Authorization Infrastructure (AAI). Maeen is facing the demand to provide services such as access to large datasets to an expanding platform of collaborations that need to overcome organizational and national boundaries. These “Large Projects” often have many service providers deployed in different countries, which presents a challenge to federating these service.

Maeen vision is to achieve truly open research network. The users need to be able to log on to their institution network wherever they are working and access their resources. The network infrastructure should appear to be one seamless resource in which the many interconnected networks are invisible but where access to confidential user-project data remains controlled. Maeen will be federated with the following services:

eduroam

eduroam (education roaming) is an international roaming service for academic and research users. It provides them with an easy and secure network access when visiting an institution other than their own. Authentication of users is performed by their home institution, using the same credentials as when they access the network locally, while authorization to access the Internet and possibly other resources is handled by the visited institution. In some countries, Internet access via eduroam is also available at other locations than the participating institutions (e.g., in libraries, public buildings, railway stations and airports).

eduroam technology is based on 802.1X standard and a hierarchy of RADIUS proxy servers. Every member institution has its own RADIUS server which processes authentication requests for its own users. The RADIUS server is connected to the National-Level RADIUS server which is will be the main RADIUS server for Maeen network and will be used in the authentication and accounting requests between eduroam member sites. National Radius server will be connected with the international top-level RADIUS which are connected with other National RADIUS servers from other international NRENs.

eduGAIN

eduGAIN is a service developed within the GÉANT Project - a major collaboration between European national research, education network (NREN) organizations and the European Union. eduGAIN service interconnects the participating identity federations. They agree on a set of common standards and policies which ensure interoperability. eduGAIN is therefore also called an inter-federation service. Its goal is to enable Web Single Sign On (Web SSO) for members of the research and education community.

The eduGAIN service is intended to enable the trustworthy exchange of information related to identity, authentication and authorization between the member federations. The eduGAIN service delivers this through coordinating elements of the federations' technical infrastructure and a policy framework controlling the exchange of this information as illustrated in the figure below:

The eduGAIN service interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community.

Maeen integration with eduGAIN will simplifying access to content, services and resources for the global research and education community.

eduPKI

The eduPKI service being developed within the GÉANT project; and aims to ease the adoption of digital certificates within the project in a cost-effective manner in order to support other GÉANT services in defining their security requirements as well as to provide them with reliable digital certificates. Digital certificates are issued by Certification Authorities (CAs) and are widely used to guarantee secure and reliable communication between servers, users or between a user and a server. Examples of this are: a user connecting to a Web server securely using a web browser; or two users securely exchanging an email.

eduPKI builds on existing NREN CA services, federating them to make all participating CAs available to GÉANT’s services. A federated approach brings an increased efficiency since a number of national CAs is already well-established and used within the NREN environment. eduPKI aims to enable GÉANT services to obtain digital certificates from CAs operated by NRENs participating in the project that meet those services' requirements.

Moonshot

Janet Moonshot is a technology, based on the IETF ABFAB open standards, that aims to enable federated access to virtually any application or service.

Moonshot enables simplified sign-on by helping users manage multiple credentials. This helps to reduce the adminstration involved in the management of identifies, so you can get on with your core business activities.

Moonshot extends the range of applications and services that can consume federated identity and improves the security of your services by controlling access to resources. User identities are managed internally so are kept safe, and participants of collaborative projects are able to easily access project resources.

InCommon

InCommon is similar to eduGAIN but it is used for USA Internet2 network.  InCommon operates the identity management federation for U.S. research and education, and their sponsored partners. The federation provides a common framework for trusted shared management of access to online resources. Through InCommon, Identity Providers can provide their users with a Single Sign-On (SSO) convenience and privacy protection, while online Service Providers control access to their protected resources. InCommon uses SAML-based authentication and authorization systems (such as Shibboleth) to enable scalable and trusted collaborations among its community of participants.

The mission of InCommon is to create and support a common trust framework for U.S. education and research. This includes trustworthy shared management of access to online resources in support of education and research in the United States. To achieve its mission, InCommon will facilitate development of a community-based common trust fabric sufficient to enable participants to make appropriate decisions about the release of identity information and the control of access to protected online resources. InCommon is intended to enable production-level end-user access to a wide variety of protected resources.