adAS FED within SIR2

What did they previously have?

RedIRIS is the Spanish academic and research network that provides digital identity services to its affiliated institutions through the SIR identity federation. It is responsible for facilitating authentication and authorization to several service providers.

SIR was a federation based on a Hub&Spoke infrastructure, which allowed multiple interoperability protocols for connecting new service providers but limited the addition of identity providers to those that supported the PAPI protocol. Because PAPI had fallen into disuse and few identity providers supported it, deployments were more complex. The SIR federation had various open source products deployed together in order to cover the different interoperability protocols.

What did we propose?

There was a need to update, modify and maintain the federation so that the new infrastructure would be based on open standards and be more flexible and capable, with better quality assurance, without compromising the infrastructure already deployed. The goal was to have SAML2 as the interoperability protocol for identity providers, making it easier to connect the different digital identity products already deployed in RedIRIS' affiliated institutions. PRiSE, having developed the adAS FED product, met those requirements.

How was it done?

The project consisted of migrating the existing infrastructure to adAS FED while making sure that the service provided by RedIRIS was never interrupted. That is how SIR2 was created, maintaining the Hub&Spoke infrastructure and using SAML2 as the main protocol for the deployment of the federation. Thanks to adAS FED, not only were the other protocols used by previous service providers kept, but new technologies such as OAuth2 and OpenID Connect were included in the federation.

Thanks to adAS FED, RedIRIS now has a product to manage the whole digital identity federation, along with improved and automated federation management procedures, such as a better administration interface that is more flexible and powerful when handling attributes.

Thanks to the infrastructure designed by PRiSE, SIR2 has evolved into a much more advanced digital identity federation that uses all the features provided by the more common and widespread SAML2 technical profiles.