The objective of the Authentication and Authorization Infrastructure (AAI) is, in a nutshell, to simplify inter-organizational access to web resources. With a single login using their institutional account, an authorized user can access all HEAL-Link subscriptions from anywhere. The AAI makes use of a concept called federated identity management.
The need for access to a variety of electronic resources, and the difficulties that arise when separate authentication credentials are used for each, led to the creation of an infrastructure for unified access. Under this structure, a user authenticates once with the institution they belong to; the institution then provides the authorization for its authenticated user (who should have access to the corresponding services). Until now, access was based either on individual credentials for each service or resource, or on recognizing IP addresses.
The problems that users face with that earlier process are listed below:
- Time-consuming user registration and management procedures for any online source.
- Users manage multiple passwords.
- Authorization issues are ignored by the existing authentication methods.
- A large effort is required to integrate users from other universities, due to the lack of standard authorization.
- Authorization is not always independent of location (IP address recognition).
The Authentication and Authorization Infrastructure (AAI) uses an integrated and federated approach, in which each party controls the authentication and authorization of its own members and electronic resources, and defines access rules for members according to its agreements with the HEAL-Link Federation. All parties benefit from a standard that is based on authentication and authorization infrastructure.
Using AAI services brings the following advantages:
- Thanks to the digital identity, electronic resources do not need to provide registration services and user management.
- A standard authentication mechanism allows users to access various online resources.
- Users have access regardless of their location.
- Data protection requirements are checked.