Why INFLIBNET Access Management Federation?
The INFLIBNET Centre, as one of its core mandates, provides access to scholarly e-resource to universities and colleges in India under the e-ShodhSindhu. The INFED is being set-up as a centralized agency to coordinate with member institutions in the process of implementation of user authentication and access control mechanism distributed across participating institutions using standardized rules and metadata for exchange of attributes.
Shibboleth access management model is essentially designed to run in a federated mode wherein individual participating institutions are required to run their own Identity Provider Services for users in their respective institutions. Alternatively, members can use identity provider services offered by the INFLIBNET Centre through INFED. A formal federation is required as trusted interface between the institutions as Identity provider (IdP) and publishers as service providers to ensure use of uniform standards and protocols while transmitting attributes of authorized users to publishers.
Major role of the federation includes development of federation, participating community, provide assistance to member institutions in the process of creation and maintenance of their identity management system, assigning responsibilities to the trusted officers of the member institutions for maintenance of database of users and to manage their identity, processing of participant metadata, overseeing operations of Shibboleth Service platforms, dispute resolution and any other jobs assigned by the National Steering Committee of the eShodhSindhu Consortium.
The INFLIBNET Access Management Federation (INFED) manages the trust between all the parties, including member institutions and publishers. It hosts database of authorized users at servers installed at the INFLIBNET Centre in case member colleges or universities do not have their own identity provider service. As such, when a user wants to access a subscribed resource, he / she is directed to log-in on to the Identity Provider Service (IDP) at the INFED. The IDP at the INFED, in turn, authenticate the users and pass requisite attributes about him / her to the Service Provider using associated user's database of institutions. In other words, the Service Provider receives all necessary user attributes from the INFED’s Identity Provider Service which it trusts. Attributes passed on by the IDP determines level of access a user gets from the Service Provider (publishers of e-resources).