Collaboration Archive

Integrating library information providers via SAFIRE

There is considerable interest in leveraging SAFIRE and eduGAIN to integrate with the various library information providers, such as academic content, journal, and database publishers. Information providers variously term this “Shibboleth”, “SAML” or “Institutional” logins, and in most cases are already integrated with other federations around the world. The following documents the integration status of various providers in SAFIRE. Association for Computing Machinery (ACM) Status No SA institutions listed by default Login link terminology Sign in via your Institution Documentation http://libraries.

SAFIRE joins eduGAIN

eduGAIN logo The eduGAIN steering group voted last week to admit the South African Identity Federation, SAFIRE, as its 41st member and the first fully participating member from Africa. In simple terms, eduGAIN it is the web equivalent of the eduroam wireless roaming service — it is an academic inter-federation with 41 member countries from around the world. South Africa’s membership of eduGAIN will provide local academics and researchers with an easy way to log into over a thousand participating services worldwide using their home organisation’s username and password.

Technical update: IdP proxies

Identity provider proxies allow the hub-and-spoke federation to appear as a full mesh, at least for the purposes of IdP discovery. This means that service providers can make use of local discovery and see a list of individual SAFIRE identity providers rather than seeing a single entry for the whole federation. In turn, this eliminates the “double discovery” problem for service providers that use local discovery to select amongst a number of different federations (e.

Technical update: HSM for metadata signing

Metadata is the basis of trust in any federation, and this makes the key management practices for metadata signing particularly important. In response to suggestions from other federation operators, we’ve decided to try and get this “right” from the beginning — at least as far is actually practical for a small federation in its early stages. And “right” means that we should store our metadata signing key in some form of hardware security module.

South African Identity Federation