About the Canadian Access Federation
Research, Discovery, Learning on the Move
The Canadian Access Federation provides a trusted access management environment for Canadian research and higher education communities.
The Canadian Access Federation makes sharing protected resources easier, safer, and more scalable in our age of digital resources and services. It enables participants to meet the needs of 21st century research and learning by making collaboration easier among academic and research organizations across Canada and around the world.
Participation in the Canadian Access Federation:
The Canadian Access Federation provides participants with access to eduroam and Shibboleth services.
- enables staff, students, and faculty to access wireless networks and web-based resources using their home organization credentials when they are visiting other organizations;
- allows participants to participate in a cost-effective, privacy-preserving approach to access management;
- helps to ensure the privacy of personal information by eliminating the need for researchers, students, and educators to maintain multiple, password-protected accounts; and
- enables organizations to better manage access to their resources based on a user's status and privileges as presented by the user's home organization.
eduroam – Supporting access to secure wireless networking on campuses across Canada and the world
- Students, educators and researchers are mobile, using wireless connectivity as they travel to other organizations. Normally this required the visitor to obtain a special temporary authentication credential. Additional effort was required by the visitor and the visited organization to maintain these extra credentials.
- When both the visitor's and the visited organizations participate in eduroam, the visitor is automatically permitted access to the wireless networks of the visited organizations by using their home-organization credentials.
- eduroam (education/roaming) is an international standard developed in Europe and now deployed in many countries around the world. www.eduroam.org
Shibboleth — Providing students, educators and researchers access to many resources and services over the Internet using a web browser.
- In the past, access to controlled-access applications requires authentication, typically using an id and password maintained by each application provider. Not only did the provider have to maintain credentials for all their clients, but users had to remember these additional credentials. More importantly, user's personal information was stored by many organizations they had limited relationships with.
- With Shibboleth, the user is granted access to a remote application based on verification of their credentials (id/password) at their home organization. The service provider is provided only pre-approved personal information necessary to provide the service. Changes by the home organization to the credentials or personal information are automatically reflected on subsequent transactions.
- Because the home organization controls user authentication, single sign-on can be implemented. Once the user’s identity is verified once, the home organization can automatically and transparently authenticate access for other services. The user can then access other services without having to log in again.
- Shibboleth, developed by the Internet 2 community in the United States, implements a standardized protocol for access management (SAML) being adopted by education and commercial sectors in many countries. www.shibboleth.internet2.edu