Case Study of the Usage of an Authentication and Authorization Infrastructure (AAI) in an E-Learning Project

Authentication and Authorization Infrastructures (AAIs) are single sign-on systems. Their purpose is authenticating a user once, i.e. locally at the user’s so-called home organization, and then checking authorization of requested resource accesses based on user attributes the user’s home organization delivers. AAIs are just about being widely employed, and Switzerland is playing a pioneering role in AAI deployment as the national research and education network provider SWITCH has managed to get all Swiss universities involved in setting up an AAI. In that context, the SWITCH AAI is used, for instance, to control access to e-learning resources. We will report in this paper on SWITCH AAI and its use in the VITELS (Virtual Internet and Telecommunications Laboratory for Switzerland). By doing so, we will discuss how the AAI middleware Shibboleth is used to implement a concrete AAI. After explaining how Shibboleth is used to implement SWITCH AAI, we will discuss how VITELS integrates into SWITCH AAI, including server (or better: service) integration of VITELS into SWITCH AAI as well as discussing which attributes are delivered cross organizations.