Identity Services

Identify services will be provided by Maeen for simplifying user collaboration across the academic and research community locally and internationally. Maeen’s user expects a range of additional facilities such as access to European or American federated services. Providing such services becomes easier with an Identity Federation concept.  Large international research projects are another specific group with strict requirements for an Authentication and Authorization Infrastructure (AAI). Maeen is facing the demand to provide services such as access to large datasets to an expanding platform of collaborations that need to overcome organizational and national boundaries. These “Large Projects” often have many service providers deployed in different countries, which presents a challenge to federating these service.

Maeen vision is to achieve truly open research network. The users need to be able to log on to their institution network wherever they are working and access their resources. The network infrastructure should appear to be one seamless resource in which the many interconnected networks are invisible but where access to confidential user-project data remains controlled. Maeen will be federated with the following services:

eduroam

eduroam (education roaming) is an international roaming service for academic and research users. It provides them with an easy and secure network access when visiting an institution other than their own. Authentication of users is performed by their home institution, using the same credentials as when they access the network locally, while authorization to access the Internet and possibly other resources is handled by the visited institution. In some countries, Internet access via eduroam is also available at other locations than the participating institutions (e.g., in libraries, public buildings, railway stations and airports).

eduroam technology is based on 802.1X standard and a hierarchy of RADIUS proxy servers. Every member institution has its own RADIUS server which processes authentication requests for its own users. The RADIUS server is connected to the National-Level RADIUS server which is will be the main RADIUS server for Maeen network and will be used in the authentication and accounting requests between eduroam member sites. National Radius server will be connected with the international top-level RADIUS which are connected with other National RADIUS servers from other international NRENs.

eduGAIN

eduGAIN is a service developed within the GÉANT Project - a major collaboration between European national research, education network (NREN) organizations and the European Union. eduGAIN service interconnects the participating identity federations. They agree on a set of common standards and policies which ensure interoperability. eduGAIN is therefore also called an inter-federation service. Its goal is to enable Web Single Sign On (Web SSO) for members of the research and education community.

The eduGAIN service is intended to enable the trustworthy exchange of information related to identity, authentication and authorization between the member federations. The eduGAIN service delivers this through coordinating elements of the federations' technical infrastructure and a policy framework controlling the exchange of this information as illustrated in the figure below:

The eduGAIN service interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community.

Maeen integration with eduGAIN will simplifying access to content, services and resources for the global research and education community.

eduPKI

The eduPKI service being developed within the GÉANT project; and aims to ease the adoption of digital certificates within the project in a cost-effective manner in order to support other GÉANT services in defining their security requirements as well as to provide them with reliable digital certificates. Digital certificates are issued by Certification Authorities (CAs) and are widely used to guarantee secure and reliable communication between servers, users or between a user and a server. Examples of this are: a user connecting to a Web server securely using a web browser; or two users securely exchanging an email.

eduPKI builds on existing NREN CA services, federating them to make all participating CAs available to GÉANT’s services. A federated approach brings an increased efficiency since a number of national CAs is already well-established and used within the NREN environment. eduPKI aims to enable GÉANT services to obtain digital certificates from CAs operated by NRENs participating in the project that meet those services' requirements.

Moonshot

Janet Moonshot is a technology, based on the IETF ABFAB open standards, that aims to enable federated access to virtually any application or service.

Moonshot enables simplified sign-on by helping users manage multiple credentials. This helps to reduce the adminstration involved in the management of identifies, so you can get on with your core business activities.

Moonshot extends the range of applications and services that can consume federated identity and improves the security of your services by controlling access to resources. User identities are managed internally so are kept safe, and participants of collaborative projects are able to easily access project resources.

Maeen Federation

Federation Policy

Maeen Federation Policy v1.0

Federation Registration Policy

Maeen Federation Metadata Registration Practice Statement (MRPS) v1.0

Technology Profile

Maeen Federation Technology Profile v1.0

Available Federations

Maeen Test Federation

Provides a test environment for Maeen Federation members where they can test and experiment with services without subscribing to Maeen Federation.

Maeen Production Federation

Is the production environment where real data is being used. By joining the Production Federation, members will be able to authenticate to other organizations and use available services.

 

Joining Maeen Federation

1-Are You Eligible?

Subscription to the federation is available to MAEEN members, and any organisation or institution that undertakes or supports education, research and development.

2-Trial Maeen federation (Test Federation)

Members are required to join the Test Federation before register to the Production Federation, so that they can test services, and complies with Federation policy. To test the federation, send email to helpdesk@maeen.sa.

3-Subscription Form

Complete Maeen Federation Subscription Form and email it to helpdesk@maeen.sa.
(All institutions that subscribe to Maeen Federation are required to be fully compliant with the Maeen Federation Policy)

Identity Provider Registration Form
Service Provider Registration Form

4-Notification from Maeen Federation

Maeen Federation team will contact you regarding subscription.

5-Move to Production environment.

After subscription application approved by Maeen Federation, Operation Team will contact you to move your service(s) from Test Federation to Production Federation.

 

Technical

Maeen Ferderation Metadata

Metadata URL  https://md.maeen.sa/metadata/maeen-edugain-metadata.xml
Entity ID  Maeen Federation
Signing Certificate  https://md.maeen.sa/metadata/maeen-metadata.crt
Cert Fingerprints
 AF:EA:76:39:D1:5E:70:34:7F:CD:7B:F5:60:10:38:6C:91:28:23:91:72:5F:67:EC:06:2B:23:A7:1A:3B:5B:5D (SHA256)

Contact

For general, security  and technical contact

Email: helpdesk@maeen.sa

Phone: 00966114813933

Fax: 00966114813254

Technical support is available 24 hours 365 days a year