eduTEAMS enables researchers, students and other members of the research and education community to create and manage virtual teams and securely access and share common resources and services using federated identities from eduGAIN and trusted Identity Providers.
Background
International collaboration has always been at the heart of academic research. Accessing and sharing scientific resources, may them be scientific instruments, collaborative tools or research data, has always been a challenge.
During the last decade, eduGAIN has enabled millions of researchers to access federated services using the very same accounts that they use at their home organizations. The success of eduGAIN has led many groups to investigate how researchers can use their federated identities and the eduGAIN foundation in order to collaborate across organizational and national boundaries. Initiatives like the TERENA AAA Study, the FIM4R working group and the AARC project series have been investigating various aspects of the challenges involved in using federated identities for the authentication and authorization in research collaborations. The AARC Blueprint Architecture is a design pattern that has emerged as the best practice for implementing interoperable authentication and authorization solutions for accessing and sharing resources in international research collaborations and infrastructures. eduTEAMS is full implementation of the AARC Blueprint Architecture.
The eduTEAMS Service
The eduTEAMS service enables research communities to securely access and share common resources and services. Leveraging the ubiquitous presence of eduGAIN federated identities, eduTEAMS enables communities to securely authenticate and identify their users, organize them in groups, assign them roles and centrally manage access rights for using community resources. As research is not confined only in the research institutes and universities, eduTEAMS caters also for users coming from the industry or citizen scientists who may not have access to eduGAIN. It does so by supporting external (non-eduGAIN) identity providers, such as social networks providing federated identities, community identity providers and other platforms that can provided federated users identities.
How eduTEAMS works
eduTEAMS follows a proxied model architecture that implements the AARC Blueprint Architecture.
It is comprised by four components:
eduTEAMS Proxy & Identity Hub
The eduTEAMS Proxy is an SP-IdP Proxy with first-class support for the OIDC and SAML protocols. It can connect SAML Identity Providers, OIDC Providers, SAML Service Providers, OIDC Resource Providers enabling teams to use their preferred identity sources and services regardless of the authentication protocol used. The eduTEAMS Proxy is responsible for aggregating the user attributes from various identity sources, enforce community and platform wide policies and provide one persistent user identifier and a harmonised set of attributes to the connected services.
eduTEAMS Discovery Service (DS)
The eduTEAMS Discovery service provides a web interface for users to search and select their preferred identity provider. It is an essential component of the platform, directly connected with the eduTEAMS Proxy.
eduTEAMS Metadata Service (MDS)
The eduTEAMS Metadata Service aggregates the metadata of all the SAML Identity and Service providers that are connected on the platform. It does so by aggregating the metadata feed of eduGAIN, while allowing the platform administrators to configure also other local or remote metadata sources. The eduTEAMS MDS is an essential component of the platform directly connected to the eduTEAMS Proxy.
eduTEAMS Membership Management Services (MMS)
The eduTEAMS MMS provide the ability to users to create virtual organisations (VO), manage these VOs, invite users to collaborate, manage registration flows, organise user to groups and assign them roles and resource entitlements as needed within the collaborations. Users can choose between 3 options for their VO: COmanage, HEXAA and Perun. All three are supported and and available on the eduTEAMS platform.