eduGAIN is a service developed within the GÉANT Project - a major collaboration between European national research and education network (NREN) organisations and the European Union.
eduGAIN interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community. eduGAIN enables the trustworthy exchange of information related to identity, authentication and authorisation (AAI) by coordinating elements of the federations’ technical infrastructure and providing a policy framework that controls this information exchange.
eduGAIN World Map - ▇ eduGAIN ▇ Joining ▇ Candidate
This exchange of information contributes to the seamless operation of services, whether they are developed within the GÉANT Project, provided by other communities represented by, or associated with, the GÉANT partners, or provided by commercial Service Providers.
eduGAIN Service diagram -
How eduGAIN works
- Enables trustworthy exchange of information between federations without many bilateral agreements
- Reduces the costs of developing and operating services
- Improves the security and end-user experience of services
- Enables service providers to greatly expand their user base
- Enables identity providers to increase the number of services available to their users
How eduGAIN works
Federated AAI environments
An identity federation is a group of institutions and organisations that sign up to an agreed set of policies for exchanging information about users and resources to enable access to and use of the resources. Many organisations use Authentication and Authorisation Infrastructures (AAIs) to build a trusted environment where users can be identified electronically using a single identity. These systems can also contain information about a user's access rights based on attributes characterising their role. Resource owners (service providers) may use these federated environments to control federation participants’ access to the provided resources.
The existence of multiple AAIs and multiple identity federations makes it technically and administratively difficult when a user attempts to gain access to protected resources and services from other federations. The user must first be successfully authenticated by his/her home AAI and then authorised by the visited service provider.
eduGAIN enables different AAIs to interact securely. The eduGAIN technology involves a "Metadata Service", which regularly retrieves and aggregates information from participating federations about services and identity providers, and makes this information available.
eduGAIN coordinates necessary elements of the federations’ technical infrastructure and provides a policy framework controlling the exchange of this information.
eduGAIN also liaises with other federation initiatives such as REFEDS (Research and Education Federations) and the GÉANT project's Federation-as-a-Service team.
For an overview of identity federations currently in eduGAIN, visit the eduGAIN membership status page of the service's technical website. To discover other federations, view the