iAMRES Identity Federation
Identity Federation considerably simplifies inter-institutional use of web-service. Within identity federation, user has one digital identity (the set of user name, password and other data about him/her) which is provided to him/her by parent institution where he/she works or studies. By using that digital identity, the user may access services offered via Identity Federation. In Identity Federation, institutions which provide digital identity to their users are called Identity Providers, and institutions that provide service Service Providers.
Identity Providers are responsible for checking user identity – authentication and they send pre-agreed data about the user to Service Provider. Service Provider, based on data about the user, may make additional authorization i.e. assignment of rights and privileges that the user has in that service, and it can also make service personalization. Identity Federation is realized within iAMRES service for the AMRES users.
How Does iAMRES Service Work?
Identity Providers, Service Providers and iAMRES make Identity Federation together. iAMRES does not store user information, but it sends authentication request to the institution which is AMRES user and which performs user authentication.
If AMRES user does not want to use iAMRES central portal for login to the system, they can realize their own Identity Provider authentication server which must support SAML 2.0 (Security Assertion Markup Language) protocol for authentication.
How can my institution become the user of iAMRES Service?
iAMRES service is available to all AMRES users who want to participate either as Ian dentity Provider or a Service Provider. AMRES has developed instructions and the necessary technical documentation for the implementation of the Identity Provider authentication server https://docs.amres.ac.rs/uputstva/shibboleth/shibboleth/. AMRES provides all technical and advisory assistance to AMERS users, in order to successfully join iAMRES service.