Federated AAI environments
An identity federation is a group of institutions and organisations that sign up to an agreed set of policies for exchanging information about users and resources to enable access to and use of the resources. Many organisations use Authentication and Authorisation Infrastructures (AAIs) to build a trusted environment where users can be identified electronically using a single identity. These systems can also contain information about a user's access rights based on attributes characterising their role. Resource owners (service providers) may use these federated environments to control federation participants’ access to the provided resources.
The existence of multiple AAIs and multiple identity federations makes it technically and administratively difficult when a user attempts to gain access to protected resources and services from other federations. The user must first be successfully authenticated by his/her home AAI and then authorised by the visited service provider
eduGAIN enables different AAIs to interact securely. The eduGAIN technology involves a "Metadata Service", which regularly retrieves and aggregates information from participating federations about services and identity providers, and makes this information available.
eduGAIN coordinates necessary elements of the federations’ technical infrastructure and provides a policy framework controlling the exchange of this information.
eduGAIN also liaises with other federation initiatives such as REFEDS.