Authentication and Authorisation Infrastructure (AAI)
Posted: May 14th, 2003
As part of the PEPC2003, Christoph Graph, head of the Security department at SWITCH (Swiss Education and Research Network), presented a cross-organisational infrastructure offering Authentication and Authorisation (AA). This project is part of the developments done on e-Academia of the Swiss Virtual Campus.
In short, AAI is implemented to allow all members of Swiss universities to be part of one single community. It allows inter-organizational user authentication and secure transfer of authorization attributes. In the past, users would receive credentials from every resource owner (university). Now each user receives a single credential (most often from their own university) and can use it at every university of the Swiss Virtual Campus. Each university is a so-called "resource owner". Each student belongs to a "home organization" (the university the student belongs to). What is interesting is that the user only gives their information to their home organization, and the resource owner is the only one to grant access to its resources. Moreover, it is based on an interesting decentralized user database system (each home organization only keeps track of its members). Advantages of AAI are:
AA has different levels of authentication and authorization depending on the resource type (for an intranet, web mail, forum, 3rd party content provider, e-learning platforms, standard applications). More on the subject:
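The split described above, where the home organization authenticates its own members and the resource owner decides access from the transferred attributes, shown as an added example that is not part of the original post or of SWITCH's implementation. The class names, the attribute name `affiliation`, the `uni-a.example` organization and the shared HMAC key protecting the attributes in transit are all assumptions of this sketch; the post does not say how AAI secures the transfer.

```python
import hashlib, hmac, json, time

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class HomeOrganization:
    """Keeps track of its own members only; the password never leaves it."""
    def __init__(self, name, key, members):
        self.name, self._key, self._members = name, key, members

    def login(self, user, password, now=None):
        rec = self._members.get(user)
        if rec is None or not hmac.compare_digest(_pw_hash(password, rec["salt"]), rec["pw"]):
            return None
        now = time.time() if now is None else now
        claims = {"issuer": self.name, "attrs": rec["attrs"], "exp": now + 300}
        body = json.dumps(claims, sort_keys=True)
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}  # attributes only, no credential

class ResourceOwner:
    """Grants access from verified attributes and its own policy."""
    def __init__(self, trusted_keys, required):
        self._keys, self._required = trusted_keys, required

    def authorize(self, assertion, now=None):
        try:
            claims = json.loads(assertion["body"])
            key = self._keys[claims["issuer"]]  # unknown home org -> KeyError
            expected = hmac.new(key, assertion["body"].encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, assertion["tag"]):
                return False  # attributes were altered after issuance
            now = time.time() if now is None else now
            if claims["exp"] < now:
                return False  # stale assertion
            return all(claims["attrs"].get(k) == v for k, v in self._required.items())
        except (KeyError, TypeError, ValueError, AttributeError):
            return False  # malformed or untrusted input is denied

# Constructed demo data (hypothetical organization, user, key and salt).
KEY_A, SALT = b"constructed-demo-key", b"constructed-salt"
uni_a = HomeOrganization("uni-a.example", KEY_A, {
    "alice": {"salt": SALT, "pw": _pw_hash("correct horse", SALT),
              "attrs": {"affiliation": "student"}}})
library = ResourceOwner({"uni-a.example": KEY_A}, {"affiliation": "student"})
```

The resource owner holds no user records at all: it needs only the list of home organizations it trusts and its own access policy.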