University X Press produces a scholarly publication, which it markets in a manner complementary to the way libraries buy subscriptions to a number of online resources. For this publication, University X is a "Service Provider" (SP).

The US community that accesses this resource uses federated identity, which allows a user to log in to a restricted internet site with her home institution's identity. This approach, especially as used for library services, frequently protects the identity of the individual doing the reading, analogously to the way a publisher of a paper journal sold to a library has no idea who specifically is reading it, only that it's a library patron. The journal publisher needs to know the person is entitled to access the resource, not the actual identity of the person. So the user's identity provider (IdP) software asserts membership in the appropriate license group to the SP, as identified when the trust relationship was established.

This publication is being accessed in multiple countries in addition to the US. In Germany, a library consortium is accessing the resource using location-based (IP address) authentication. If one is physically on a particular campus or uses a VPN to access their IP domain, then one can access it. However, the German consortium would like to use their national R&E federation and leverage their campus credentials similar to US schools in InCommon. The UK also has interest in accessing this resource and also operates an identity federation. 

On a technical level, access using these other federations is in place today. However, because InCommon is not participating in a formal interfederation service like eduGAIN, the German and UK federation managers are requesting that University X sign their local federation agreement in order to add the University X Press SP to their metadata. Given that these contracts require the school to adhere to different international laws and policy structures, this is a bit problematic.

Enter InCommon's membership in eduGAIN. Participating in this service would enable University X to share their SP metadata with the international community without the need to sign additional contracts or comply with other federations' specific policies. The transactions would fall under the eduGAIN sharing policies.


1 Comment

  1. Here is another example: Faculty members who work together on soil conditions for growing corn in University A in the United States and University B in China and University C in Kenya want to collaborate on an undergraduate team-taught course. Not only do they require robust video-conferencing tools for the synchronistic parts of the course, which requires authentication to penetrate the firewalls and other technical safeguards that each institution has in place on its respective networks, but there is also content on three different learning management systems that the students must access across the institutions. Without a federated network, the means of accomplishing these tasks presents both policy and process challenges. In terms of policy, each institution does not allow the granting of credentials to individuals who are not members of the community. In terms of process, it is cumbersome. New credentials would have to be made for each of the individuals and instructors for the class, which totals almost 300 people. A federated network among the institutions would solve this problem in an instant. By allowing for federated identity that neither compromises policy nor creates a burdensome process, everyone has access that is secure, private and appropriate for the faculty members to collaborate on the team-taught course.