There is considerable interest in leveraging SAFIRE and eduGAIN to integrate with the various library information providers, such as academic content, journal, and database publishers. Information providers variously term this “Shibboleth”, “SAML” or “Institutional” logins, and in most cases are already integrated with other federations around the world. The following documents the integration status of various providers in SAFIRE. Association for Computing Machinery (ACM) Status No SA institutions listed by default Login link terminology Sign in via your Institution Documentation http://libraries.acm.org/subscriptions-access/authentication Authorization attribute(s) eduPersonEntitlement American Chemical Society Status Tested, Working Login link terminology Find my institution Status since January 2021 This provider appears to have adopted SeamlessAccess for login, which is a new standard that greatly improves the user experience. …

In April 2020, SAFIRE was approached by the Royal Society of Chemistry (RSC) who expressed interest in joining SAFIRE as a Service Provider. …

While Kortex have temporarily made limited free access available under their Free Student eTextbook Programme FSTP, federated authentication using institutional credentials is also now possible. …

The international science community has asked for help in connecting researchers and scientists to collaborations that are rapidly forming in response to the COVID-19 pandemic. …

Under the auspices of the RCCPii capacity development project, we recently concluded a successfull workshop on identity management & federation. …

The benefits identity federations, and specifically eduGAIN, bring to scientific cyberecosystems was the subject of a recent article in HPCwire. …

eduGAIN logo The eduGAIN steering group voted last week to admit the South African Identity Federation, SAFIRE, as its 41st member and the first fully participating member from Africa. In simple terms, eduGAIN it is the web equivalent of the eduroam wireless roaming service — it is an academic inter-federation with 41 member countries from around the world. South Africa’s membership of eduGAIN will provide local academics and researchers with an easy way to log into over a thousand participating services worldwide using their home organisation’s username and password. Federated identity services play an increasingly critical role in facilitating access to big science projects, and so South Africa’s participation in this space is an important milestone towards allowing South African scientists to collaborate in international research. …

This post documents SAFIRE’s experiments with, and ultimate deployment of, a smartcard-based HSM for SAML metadata signing in the hope that we can help other emerging federations along the way. …

Identity provider proxies allow the hub-and-spoke federation to appear as a full mesh, at least for the purposes of IdP discovery. This means that service providers can make use of local discovery and see a list of individual SAFIRE identity providers rather than seeing a single entry for the whole federation. In turn, this eliminates the “double discovery” problem for service providers that use local discovery to select amongst a number of different federations (e.g. sites that use DiscoJuice or derivatives). Instead of clicking through two discovery interfaces (local to select the federation, central to select the IdP), end users can select their identity provider directly at the SP. …

Metadata is the basis of trust in any federation, and this makes the key management practices for metadata signing particularly important. In response to suggestions from other federation operators, we’ve decided to try and get this “right” from the beginning — at least as far is actually practical for a small federation in its early stages. And “right” means that we should store our metadata signing key in some form of hardware security module. …