There is considerable interest in leveraging SAFIRE and eduGAIN to integrate with the various library information providers, such as academic content, journal, and database publishers. Information providers variously term this “Shibboleth”, “SAML” or “Institutional” logins, and in most cases are already integrated with other federations around the world.
The following documents the integration status of various providers in SAFIRE.
Association for Computing Machinery Status Working Login link terminology Institutional Login Notes Libraries can follow the documentation link, or contact ACM support and request Shibboleth access (see documentation).
In April 2020, SAFIRE was approached by the Royal Society of Chemistry (RSC) who expressed interest in joining SAFIRE as a Service Provider.
While Kortex have temporarily made limited free access available under their Free Student eTextbook Programme FSTP, federated authentication using institutional credentials is also now possible.
The international science community has asked for help in connecting researchers and scientists to collaborations that are rapidly forming in response to the COVID-19 pandemic.
Under the auspices of the RCCPii capacity development project, we
recently concluded a successfull workshop on identity management & federation.
The benefits identity federations, and specifically eduGAIN, bring to scientific cyberecosystems was the subject of a recent article in HPCwire.
eduGAIN logo
The eduGAIN steering group voted last week to admit the South African Identity Federation, SAFIRE, as its 41st member and the first fully participating member from Africa.
In simple terms, eduGAIN it is the web equivalent of the eduroam wireless roaming service — it is an academic inter-federation with 41 member countries from around the world. South Africa’s membership of eduGAIN will provide local academics and researchers with an easy way to log into over a thousand participating services worldwide using their home organisation’s username and password.
This post documents SAFIRE’s experiments with, and ultimate deployment of, a smartcard-based HSM for SAML metadata signing in the hope that we can help other emerging federations along the way.
Identity provider proxies allow the hub-and-spoke federation to appear as a full mesh, at least for the purposes of IdP discovery. This means that service providers can make use of local discovery and see a list of individual SAFIRE identity providers rather than seeing a single entry for the whole federation.
In turn, this eliminates the “double discovery” problem for service providers that use local discovery to select amongst a number of different federations (e.
Metadata is the basis of trust in any federation, and this makes the key management practices for metadata signing particularly important.
In response to suggestions from other federation operators, we’ve decided to try and get this “right” from the beginning — at least as far is actually practical for a small federation in its early stages. And “right” means that we should store our metadata signing key in some form of hardware security module.
