George Laskaris, NJEDge.Net and Richard Greenfield, University of Alaska will present on the topic of Building Identity Trust Federations in State research and education communities at the...
Home
NJTrust is New Jersey's Identity Trust Federation. It supports collaboration among New Jersey Education and Research Institutions. A Trust Federation is a collection of institutions and vendors that want to be able to access each other's applications in a shared, secure and trusted manner. It provides a coordinated approach to verifying users' identity and what they are permitted to do.
The NJEDge federation is currently in a very early stage. We have several New Jersey Higher Education institutions that are currently participating in the pilot of the federation. The Federation is currently using Shibboleth as the technology. Once this trust fabric is built, new services can be rolled out to participating institutions simply by adding them to the Federation. Similarly, existing services can be extended to new Institutions who join the Federation.
How to participate
To use the applications that participate in the Federation, you will need an "Identity Provider." This software allows other sites to check your users' identity, and to confirm information about them, such as whether they are faculty, students, etc. Your identity provider provides the authentication by checking the username and password. Depending upon your policies, the information sent back to the application need not include any identifiable information about the user. All the application needs to know is that your institution considers it a valid user.
To provide an application yourself, you will need a "Service Provider". This is a piece of software that allows your application to find Identity Providers at other institutions, verify that a user is valid, and check attributes such as whether the user is faculty or student.
There's one more, optional, piece of the picture: the "Discovery Service." If a service provider wants to serve users at several institutions, it has to start by asking users which institution they are from. Then it sends them to that institution's Identity Provider to check their username and password. The NJEDge Discovery Service is a page that lists all the institutions in the NJEDge Federation and their identity provider. If you want to allow anyone at an NJEDge institution to use your service, the NJEDe Discovery Service is the easiest way to do so. If you want to use a different collection of institutions, you can set up your own Discovery Service. It can pull in the list of NJEDge institutions using the NJEDge metadata.
As the Federation develops, we will be providing additional documentation to help members set up.
Currently this site contains "metadata" for each participant. Metadata contains information about an Identity Provider or Service Provider. It allows other providers to find each other, and to verify the identity of the other provider.
See NJEDge Federation Metadata for more information on using this metadata.
Currently we ask Identity Providers to send us at least eduPersonScopedAffiliation, using the standard roles as defined in the EduPerson schema. In general we recommend using the InCommon Federation's Attributes as a guide. However we expect to use at least one attribute from EduCourse in the future.