Description and Value Proposition
The InAcademia service aims to radically simplify the ability of Service Providers offering products and services to the research and education community to validate a user's affiliation, and of campuses to manage additional, lower-trust services with minimum overhead. It also contributes to the GÉANT strategic goal of sustainability for services, by identifying value that these services can offer in the wider world and seeking to use this value to enhance funding.
Offering
A simple validation service targeting Service Providers working with research institutes and academia to validate users' affiliation.
Reason to Act
Many commercial service providers offer discounts for students and/or staff members in academia. For these services it is critical to reliably validate whether a user is indeed affiliated with an institution, as this is the basis for the discount provided. As the discounts for students and staff are often considerable, these services are highly valuable for the users.
Identity Federations in Research and Education currently support the delivery of an affiliation attribute using the well-known SAML authentication interfaces of their federations.
Although Service Providers that only need validation could join an existing identity federation and use the attributes provided, there are downsides to this approach:
- Joining a federation is a lot of effort (policies and contracts)
- Implementing SAML and doing federation is not easy and requires expertise seldom available within Service Providers
- Interfederation is even harder, especially as this, even when using eduGAIN, still means dealing with federations at a national level.
- Setting up federation introduces upfront cost, while no customers are served yet. As a result, for many smaller service providers this barrier is too high, and they decide not to engage with federated identity at all.
- Federation is a lot of work for the service provider, while the service only needs the Affiliation, which is pretty low risk in the data protection spectrum.
The InAcademia service aims to radically simplify the ability of Services to validate the user's affiliation.
Customer Experience
Students and staff like services that provide discounts or other benefits. To allow services to provide discounts it must be possible to verify student and staff affiliation in a trustworthy way. The current mechanisms for validating affiliation either involve human checking of affiliation, for example by showing a student card, or make use of existing identity management systems from institutions. Physical validation does not work well for digital services. Validating affiliation using existing identity infrastructures works, and has the benefit of reusing existing AAI infrastructure. However, for services, the initial setup and operational cost of this solution is high. This creates such a barrier to entry that many services choose not to engage with identity federation at all.
By providing a solution with a lower barrier to entry than traditional identity federation, more services will become available for end users.
Maintaining interconnections between Services and Institutional Identity providers is a burden for both Services and Home Institutions. For services that are not directly important for the primary processes on Campus this may even outweigh the effort for the IdP. With the use of the InAcademia Service a campus can connect its IdP to only one service, yet provide validation capabilities to many valuable services for their users.
With the InAcademia service the burden of maintaining connections with services that are not of primary concern for Campus activities can be seriously lowered.
Benefits
Cost reduction and more efficient user validation for service providers offering products/services to users in research/academia
Lower entry barrier for service providers, who are thereby encouraged to do business with the research and academic world
Larger portfolio of discounted services/products potentially offered to students, university staff and researchers
Costs
Specified in the contract. The model is a pay-per-transaction fee, with volume discounts.
Alternatives
NRENs to have their own arrangement with service providers
Service providers to install and manage a fully fledged eduGAIN-enabled SAML environment
Engagement
Surveys with users will be conducted from Y2 on (2016) to assess and monitor user satisfaction. The target indicated in the service KPI is: “95% of users reporting the service is meeting or exceeding the requirements”