Abstract

The use and provisioning of services across organizations has not only gained momentum in the ‘business web’, but also in academic environments. For instance, in the state of Baden-Württemberg, national and state-funded cluster computing resources, operated by a single university, have to be accessible by the users of other universities as well. Two avoid that users have to create and maintain dedicated accounts at each organization, the concept of federated identity management (FIM) can be applied. FIM allows users to use a single identity at their home organization to access services that are operated by other organizations.

In this paper, we survey major requirements that need to be considered when establishing such a federation and its technical platform. Furthermore, we show how the bwIDM project established a FIM platform for the state of Baden-Württemberg that matches the requirements and that is based on the Security Assertion Markup Language (SAML) standard. In particular, we outline bwIDM’s approach on how to integrate non web-based services with SAML federations.