The project Federated Identity Management.nrw (IDM.nrw) aims to implement a federated Identity Management (FIDM). The federation of the local IDM systems of the institutions in North Rhine-Westphalia should enable users to access the services of various universities at any time and from anywhere with just one account.
The IT Center of RWTH Aachen University is in charge of pursuing this goal together with the consortium partners Ruhr University Bochum, University of Duisburg-Essen and Aachen University of Applied Sciences.
Various services are currently being offered at different universities. These include E-Akte.nrw, ORCA.nrw, Sciebo, HPC.nrw and Datensicherung.nrw. With the help of the NRW-wide federation, the services of the Digital University NRW (DH.NRW) will be made accessible and usable for all institutions in the future.
Using these services is already possible, but there is no solution for federated access so far. The goal is now to enable users to access distributed services with their local ID (home ID). Aspects of data security, the definition of common attributes and roles, and a shared understanding of a uniform definition of central groups of persons are particularly important. In the future, NRW standards will be developed in the area of authorisation. A defined set of standard attributes with clearly defined values must be established. Participating institutions should adopt and use this set in the future to facilitate future service connections.
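To make the point about "standard attributes with clearly defined values" concrete, here is an added example of a service-provider-side check on a released attribute set. It is not code from the IDM.nrw project or the DFN-AAI; the attribute names come from the eduPerson schema, but the particular "required set" and the sample assertions are constructed assumptions for illustration. The check rejects missing attributes, values outside the agreed vocabulary, and scoped values whose scope is not registered for the asserting IdP (the latter is what stops one institution's IdP from asserting members of another).

```python
from typing import Dict, List, Set

# Controlled vocabulary of eduPersonAffiliation as defined in the eduPerson schema.
AFFILIATION_VALUES = {"faculty", "student", "staff", "employee", "member",
                      "affiliate", "alum", "library-walk-in"}

# Assumed "NRW standard set" for this example only: required attribute -> value rule.
#   "free":         any non-empty string
#   "vocab":        value must come from AFFILIATION_VALUES
#   "scoped":       value must be <local>@<scope>, scope registered for the asserting IdP
#   "scoped-vocab": like "scoped", and <local> must come from AFFILIATION_VALUES
REQUIRED_ATTRIBUTES = {
    "eduPersonPrincipalName": "scoped",
    "eduPersonScopedAffiliation": "scoped-vocab",
    "eduPersonAffiliation": "vocab",
    "mail": "free",
}


def validate_attributes(attrs: Dict[str, List[str]], idp_scopes: Set[str]) -> List[str]:
    """Check a released attribute set against the agreed standard.

    attrs maps attribute name -> list of values (SAML attributes are multi-valued).
    idp_scopes is the set of scopes the federation metadata registers for the
    IdP that issued the assertion. Returns a list of problems; an empty list
    means the attribute set is acceptable.
    """
    scopes = {s.lower() for s in idp_scopes}
    problems: List[str] = []
    for name, rule in REQUIRED_ATTRIBUTES.items():
        values = attrs.get(name, [])
        if not values:
            problems.append(f"{name}: missing")
            continue
        for value in values:
            if not value:
                problems.append(f"{name}: empty value")
            elif rule == "vocab" and value not in AFFILIATION_VALUES:
                problems.append(f"{name}: {value!r} not in agreed vocabulary")
            elif rule in ("scoped", "scoped-vocab"):
                local, at, scope = value.rpartition("@")
                if not at or not local or not scope:
                    problems.append(f"{name}: {value!r} is not of the form local@scope")
                elif scope.lower() not in scopes:
                    # A scope the IdP is not authorised to assert is rejected; otherwise
                    # one institution's IdP could impersonate members of another.
                    problems.append(f"{name}: scope {scope!r} not registered for this IdP")
                elif rule == "scoped-vocab" and local not in AFFILIATION_VALUES:
                    problems.append(f"{name}: {local!r} not in agreed vocabulary")
    return problems


# Constructed sample assertions (no real users, institutions or IdP data).
GOOD_ASSERTION = {
    "eduPersonPrincipalName": ["jdoe@example-uni.de"],
    "eduPersonScopedAffiliation": ["staff@example-uni.de"],
    "eduPersonAffiliation": ["staff", "member"],
    "mail": ["jdoe@example-uni.de"],
}

BAD_ASSERTION = {
    "eduPersonPrincipalName": ["jdoe@example-uni.de"],
    "eduPersonScopedAffiliation": ["staff@other-uni.de"],  # scope not registered for this IdP
    "eduPersonAffiliation": ["superuser"],                  # value outside the vocabulary
    # "mail" omitted on purpose: a required attribute is missing
}

if __name__ == "__main__":
    print(validate_attributes(GOOD_ASSERTION, {"example-uni.de"}))  # []
    for problem in validate_attributes(BAD_ASSERTION, {"example-uni.de"}):
        print("reject:", problem)
```

The registered scopes would in practice be read from the federation metadata for the issuing IdP rather than passed in by hand; the rest of the check is the same whether the attributes arrive via SAML or as OpenID Connect claims.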
Furthermore, there is currently no solution in NRW that enables federated access to non-web-based services (HPC clusters). Currently, entries are made in the university’s own IDM system.
In order to find a suitable technology that enables this scenario, technologies related to authentication and authorisation will be evaluated in a further work package. For this purpose, both already known and new technologies (RegApp, two-factor authentication, OpenID Connect, etc.) will be considered on the basis of evaluation criteria. In this context, solutions for cross-university group administration will be sought.
Need for a Federated Identity Management (FIDM)
Access via the local ID (home ID) to distributed services requires university-wide authentication, which is already possible today via the DFN-AAI. Currently, access to web-based services is only possible via Shibboleth. So far, access to non-web services (HPC) requires an entry in the university’s own identity management (IDM) system. In addition, there is currently no FIDM for NRW that covers the requirements (differentiated roles). Cooperation is complicated by the lack of uniform processes and coordinated interfaces.
A FIDM is needed in NRW to ensure the broad use of numerous services in an NRW-wide (cloud) environment. There is an acute need for development here.
In NRW, a common approach was developed with the help of the feasibility study Federated Identity Management.nrw. The implementation of the developed solution approach leads to a simplified use of diverse services at different universities.
Who is the target group?
The target group of the project is very large. All members of a higher education institution in NRW, with special consideration of the colleges of art & music and libraries, will derive great benefit from IDM.nrw. In the universities themselves, IDM.nrw is aimed at organisational managers, researchers, teachers and students.
Implementation Project Federated Identity Management.nrw
The implementation project to establish federated identity management in NRW is divided into three milestones. The IDM.nrw project is currently working on the first milestone.
The following objectives have been planned for the period from September 2021 to August 2022:
- Establishment of an NRW sub-federation in the DFN-AAI
- Establishment of a bwIDM and IDM.nrw alliance with the KIT in Baden-Württemberg
- Publication of the result of common attributes in NRW and central groups of persons in the form of NRW standards, agreed with the DFN-AAI
- Recommendation for the implementation of evaluated technologies (e.g. in cooperation with bwIDM2); the evaluation consists of testing, evaluating and recommending
- Achieving the participation of further higher education institutions
In the future, we will continue to report on the progress of the project Federated Identity Management.nrw.
Responsible for the content of this article are Aylin Gündogan and Morgane Overath.