Digital Identity Service Manager Esmeralda Pires explains everything about Federated Authentication technology, detailing how the FCCN Unit uses it to ensure the security and mobility of the teaching and research community in Portugal.

Do you still remember the time when the only way to access a web service was prior registration, where you had to fill in a username and password? And when, every time you accessed a new service, you had to repeat this process over and over again, leaving you with a long list of passwords to memorize?

Federated authentication was created to solve this problem. This type of authentication has long been adopted by various commercial services, and today, we use federated authentication almost without realizing it—we access several different services without registering, and we log in using only our email or social media credentials.

However, another question arises regarding identity reliability. What if my service wants to determine whether a user is a student, faculty member, or researcher? How can I be sure the user is who they claim to be? FCCN has the answer and the solution for these services.  

The FCCN unit is responsible for two authentication infrastructures: CIÊNCIA ID and RCTSaai. These infrastructures ensure the authentication and authorization of users from the academic and research community. Services or applications targeting users from the academic and/or research community can opt in and integrate RCTSaai and/or CIÊNCIA ID authentication.

CIÊNCIA ID is an authentication and identification infrastructure designed for services within the national and/or international science ecosystem. In addition to uniquely and permanently identifying citizens engaged in scientific activity in Portugal through CIÊNCIA ID account registration, it also provides a common authentication mechanism for various science management platforms.

RCTSaai aims to simplify the provision of web services to the entire community served by FCCN. Students, faculty, and staff at participating institutions, using their institutional account, have access to a set of services available through RCTSaai.

eduGAIN or international authentication

What if my service also aims to provide access to international students or faculty? In this case, the service can integrate eduGAIN authentication. eduGAIN is managed by GÉANT and connects existing identity federations worldwide. RCTSaai is one of the 80 federations that are part of eduGAIN and allows students, staff, and faculty from the international academic community to access services and collaboration platforms worldwide.

A good example of the use of eduGAIN authentication is the set of services of the Erasmus+ program (Erasmus+ App or Online Learning Agreement), where students authenticate using their institution's credentials and the services receive the necessary information about mobile students (European Student Identifier, contact information, home institution).

Web services and mobile applications can and should adopt federated authentication (RCTSaai, CIÊNCIA ID or eduGAIN) and, in this way, guarantee three fundamental elements to users:

User and Service Security

  • Reduction in the number of credentials required by the user to access services (only uses/manages the credentials of the institution of origin or CIÊNCIA ID);
  • The services integrate users from other national and international institutions in a simple and secure way;
  • RCTSaai/eduGAIN and CIÊNCIA ID Federated Authentication relies on secure protocols (SAML and OpenID Connect) to perform authentication requests and exchange user information.

Trust in Identity

  • User registration is carried out at the user's home institution, which is responsible for ensuring user information (e.g., for RCTSaai: enrollment process, employment contract, etc.);
  • User data is sent by the institution to the services only after successful authentication and consent from the user.  

Mobility

  • Users use their institution's credentials to access services and collaboration platforms around the world;
  • The services can welcome users from across the international academic community.

To find out if your service can integrate with the FCCN Unit's federated authentication services, see the service pages RCTSaai and CIÊNCIA ID.
