AAI
AAI (Authentication and Authorization Infrastructure) systems play a key role in providing secure, controlled access to materials on research networks. This matters even more when organizationally independent research teams work together on international research projects, because they often need to share their resources. Several projects in a number of European countries aim to create virtual research environments by providing mobility between institutions. In April 2006, Hungary joined the EduRoam network, which provides mobility between research networks at the data link layer.
In line with international practice, federated authentication and authorization systems are applied not only at the data link layer but also at the web application layer. These systems allow web-accessible resources and services to be used by users who are authenticated at their home institutions. As a result, private data (such as usernames and passwords) does not need to be stored in multiple locations, which makes this setup much easier to manage with regard to privacy. A single point of login, used properly, results in simplified authentication for users and improved security.
Several technologies exist for federating authentication. NIIF AAI uses Shibboleth, the most prevalent federated middleware across research networks. However, it will shortly be possible to roam between other federations and technologies through EduGAIN, developed by Géant2 (with contributions from NIIF Institute).
The primary users of AAI are research and higher education institutions, but commercial providers can also join the federation and offer their services to the academic community in a controlled manner. Shibboleth technology can be used to build an intranet Single Sign-on solution, while access to particular resources and services can be granted to arbitrary scopes of national or international academic networks.
The technology pilot of NIIF AAI was funded by GVOP in 2006 (partners: MTA Sztaki, ICON Zrt.).
2008 Sep. 08. - 12:04




