federation.njedge.net

This is the central site for the NJEdge federation. A "federation" is a collection of institutions that want to be able to access each other's applications. It provides a coordinated approach to verifying users' identities and what they are permitted to do.

The NJEdge federation is at a very early stage. It currently uses Shibboleth as its technology.

To use applications that participate in the Federation, you will need an "Identity Provider." This software allows other sites to check your users' identity, and to confirm information about them, such as whether they are faculty, students, etc. Your Identity Provider checks the username and password. Depending upon your policies, the information sent back to the application need not include any identifiable information about the user. All the application needs to know is that your campus considers them a valid user.

To provide an application yourself, you will need a "Service Provider". This is a piece of software that allows your application to find Identity Providers at other institutions, verify that a user is valid, and check attributes such as whether the user is faculty or student.

There's one more, optional, piece of the picture: the "Discovery Service." If a Service Provider wants to serve users at several institutions, it has to start by asking users which institution they are from. Then it sends them to that institution's Identity Provider to check their username and password. The NJEdge Discovery Service is a page that lists all the institutions in the NJEdge Federation and their Identity Providers. If you want to allow anyone at an NJEdge institution to use your service, the NJEdge Discovery Service is the easiest way to do so. If you want to use a different collection of institutions, you can set up your own Discovery Service. It can pull in the list of NJEdge institutions using the NJEdge metadata.

As the Federation develops, we will be providing additional documentation to help members set up.

Currently this site contains "metadata" for each participant. Metadata contains information about an Identity Provider or Service Provider. It allows providers to find each other, and to verify each other's identity.

See NJEdge Federation Metadata for more information on using this metadata.

Currently we ask Identity Providers to send us at least eduPersonScopedAffiliation, using the standard roles as defined in the EduPerson schema. In general, we recommend using the InCommon Federation's Attributes as a guide. However, we expect to use at least one attribute from EduCourse in the future.

Please check the definition of roles that you provide with eduPersonScopedAffiliation against the most recent version of the EduPerson specification at the Educause/Internet2 EduPerson site. Pay particular attention to how you define "member". This is what NJVid currently uses to determine whether someone should have access to licensed material. Member is supposed to include currently active faculty, staff and students, but not various other types of person who may have looser affiliations with the University. That is, it should be people for whom your University is willing to provide your basic bundle of services, including access to licensed library material.

If necessary, Shibboleth can be set to generate values of eduPersonScopedAffiliation based on other directory data. So if your directory doesn't have appropriate values, you can set Shibboleth to generate "member" and other values based on other data.
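
As an added example (not NJEdge's or Shibboleth's own code or configuration), the Python below shows the logic behind the two preceding paragraphs: deriving "member" from other directory roles on the Identity Provider side, and checking eduPersonScopedAffiliation on the application side. The function names, the `example.edu` scope and the per-provider set of allowed scopes are assumptions made for illustration.

```python
# Added example: function names, scopes and directory roles are constructed.
# Controlled vocabulary for affiliation values in the eduPerson schema.
EDUPERSON_AFFILIATIONS = {
    "faculty", "student", "staff", "alum", "member",
    "affiliate", "employee", "library-walk-in",
}
# Roles that imply "member" as this page defines it:
# currently active faculty, staff and students.
MEMBER_ROLES = {"faculty", "staff", "student"}


def derive_scoped_affiliations(directory_roles, scope):
    """Identity Provider side: map directory roles to scoped affiliations."""
    roles = {r.strip().lower() for r in directory_roles}
    values = roles & EDUPERSON_AFFILIATIONS  # drop non-standard roles
    if values & MEMBER_ROLES:
        values.add("member")  # looser roles such as alum never add member
    return sorted(f"{v}@{scope}" for v in values)


def parse_scoped(value):
    """Split 'affiliation@scope'; return None when the value is malformed."""
    affiliation, sep, scope = value.partition("@")
    if not sep or not affiliation or not scope or "@" in scope:
        return None
    return affiliation.lower(), scope.lower()


def is_licensed_member(values, allowed_scopes):
    """Application side: accept only 'member' at a scope this provider may assert.

    allowed_scopes is an assumption: the set of scopes the application
    trusts the asserting Identity Provider to speak for.
    """
    for value in values:
        parsed = parse_scoped(value)
        if parsed is None:
            continue  # ignore malformed values rather than guessing
        affiliation, scope = parsed
        if affiliation == "member" and scope in allowed_scopes:
            return True
    return False
```

Checking the scope as well as the role matters because a value such as `member@example.edu` is only meaningful when it comes from the Identity Provider that is responsible for `example.edu`.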