Community AAI Software

The NFDI AAI Architecture requires the use of a so called “Community AAI”. Here we list the available software products that implement the fuctionality of a Community AAI. Each of them can be used to run such a Community AAI Service.

The software products were selected because of their relevance in the context of NFDI and the German AAI ecosystem.

It is planned to offer an installation of each Community AAI to the NFDI Consortia as a Service (Community-AAI as a Service). Each NFDI Consortium needs to settle on a single Community-AAI.

AcademicID

[AcademicID]

• Operated and developed by: GWDG
• Overview Presentation
• Contact: Christof.Pohl at gwdg de

didmos

didmos didmos is a powerful software suite for Identity & Access Management by DAASI International. It consists of six expandable open source modules which also can be used to implement a Community AAI. didmos Core allows VO and group management for both external and local users that can be managed with the powerful self service and admin tool didmos LUI. The AARC BPA compliant SSO proxy didmos Auth supports the protocols OIDC and SAML both towards clients (acting as an IdP) and authentication sources (acting as an SP).

• Operated and Developed by: DAASI
• Overview Presentation
• Contact: P(eter).Gietz at daasi de

Reg-APP

RegApp is a federated open source identity management system, which is mainly developed at the Scientific Computing Centre (SCC) at KIT. The currently installed solution enables more than 38,000 registered users from various research institutions, including the Helmholtz Association and universities, to log in to various services, secured by two-factor authorization (2FA). Users can use the account provided by their home institution for this purpose.

• Operated and developed by: KIT
• Overview Presentation
• Contact: Michael.Simon at kit edu

Unity

Unity is a complete solution for identity, federation and inter- federation management. Or, looking from a different perspective, it is an extremely flexible authentication service. It is a open-source software, developed by Bixbit. The single-sign on proxy component, which supports OIDC and SAML to authenticating services and to consuming services, is AARC BPA compliant. Optional it offers further features like VO management or multi-factor authentication.

• Operated by: FZ-Jülich
• Overview Presentation
• ds-support at fz-juelich de

Feature Matrix

We maintain a feature matrix to allow a quick comparison between available Community AAI softwares. Given that all of these implementations are very complex software products, that are highly configurable, it is very difficult to provide a detailed and adequate comparison of them. This feature matrix is rather coarse grained. We’ll gratefully collect your feedback, if you want to share it with us.

Feature Matrix (on google)

Last change: Nov 15, 2024 10:13:13