GRNET's Authentication and Authorization Infrastructure (AAI) assists cross-institutional services by providing federated authentication and authorization among participating organizations. Through the Infrastructure, users can access services in a secure and confidential manner, simply by using their institutional accounts.
GRNET's Federation comprises members of the academic, research and educational community of Greece, as well as third parties wishing to provide services to the community.
The federation's members fall into two categories:
- Identity Providers (IdP): the entities (e.g. academic or research institutions) authenticating their users and certifying their identities. Furthermore, they may provide Service Providers with the users' personal data in order to facilitate user authorization.
- Service Providers (SP): the entities providing services to the community. They may receive individual users' personal data, under consent, with the purpose of authorization and providing personalized services.
The participation of an Identity Provider in the Federation yields multiple benefits for its users:
- logging into a federated service is performed using the user's existing institutional account, without requiring separate registration.
- the user's identity, position and affiliation are only optionally transmitted to Service Providers, allowing fully anonymous and trusted access.
Accordingly, a Service Provider may benefit from joining the federation by being able to offer services to a large community through a central access mechanism without the need for ad hoc user authentication methods.