SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.

SWITCHaai Transition to Shibboleth Identity Provider v3 is 80% complete

Back in May 2015, the Shibboleth Consortium announced July 31st 2016 as the end-of-life date for the IdPv2 code base. A redesigned IdPv3.1.1 has been available since March 2015. One month later, SWITCH announced the initial version of the SWITCHaai-specific IdPv3 installation guide. In June and September 2015, SWITCH offered well-attended IdP training courses [4] on how to configure IdPv3. Since then, the number of IdPv3 installations has gradually increased to the 80% level it reached just at the beginning of the autumn semester 2016.

The vast majority of the IdP administrators have installed, configured, tested and finally integrated the new version into their production environment. A big thank you to all of them for taking the time to upgrade. Many administrators provided us with valuable feedback on the IdP installation guide so that we could continuously improve it over time.
Several organizations decided to adopt the IdP Hosting service SWITCH offers instead of upgrading their own local installation. Today, SWITCH runs 17 production IdPs on our IdP hosting platform, including the ones for Swiss edu-ID, the Virtual Home Organization (VHO) and the IdP for the SWITCH staff members.

We know that about half of the remaining eleven IdPv2 instances will migrate to IdPv3 in the next few weeks. So hopefully by the end of 2016 almost everyone will have completed the transition.

The US InCommon Federation from time to time analyses the metadata of the eduGAIN interfederation service and publishes an interesting statistic on how many of the interfederation enabled IdPs are based on the Shibboleth open source software and run on IdPv3 or still on IdPv2. These numbers show that the percentage of IdPv3 in SWITCHaai is pretty high compared with most other federations listed.

10 Years SWITCHaai

In autumn 2005, SWITCH launched the production service for the SWITCHaai federation. Now more than 400’000 users from 60 institutions have a SWITCHaai enabled account that allows them to access their choice of more than 800 SWITCHaai enabled services.

SWITCHaai Status Oct 2015

10 Years SWITCHaai Federation (2005-2015)

The usage of SWITCHaai is still increasing. Over the last 12 months, an average of 50 logins per minute were counted on the central discovery service, a growth of 6% compared to the prior period.

40% of Identity Providers are now interfederation ready, serving more than 70% of all AAI-enabled users. In early 2016, the US InCommon Federation will also widely deploy interfederation via the interfederation service eduGAIN. The number of users able to access services registered in another federation is constantly growing, which attracts even more services. Currently, however, only nine out of the more than 800 SWITCHaai enabled services accept users from other federations.

Since the end of November, there are no longer any SAML1-only Service Providers registered in the SWITCHaai Federation. Now that the SAML2 standard is 10 years old, it is time to get rid of the last few services that still default to using SAML1 even though they also support SAML2.

How to support Research with AAI

AAI is not only used within Switzerland. As of today there are 44 production and 17 pilot identity federations like AAI known around the world. 34 of the production federations are also part of the interfederation service eduGAIN, which interconnects these federations and allows AAI users of interfederation-enabled Swiss institutions to access AAI services operated in other eduGAIN federations. Vice versa, AAI services in SWITCHaai (e.g. operated at CERN) can now also be easily opened to and accessed by users from other eduGAIN federations.

Using AAI across national borders is particularly useful for research projects, whose participants often come from different countries around the world. How research can benefit from eduGAIN, and how SWITCH, in the context of the GÉANT project, is helping research projects to make use of AAI internationally, is described in a new SWITCH story called “The recipe for cutting-edge international research”.