Authentication and Authorisation Infrastructure (AAI)
The AAI is a service used across various organisations that regulates and simplifies access to networked resources.
The AAI consists of two groups of components: Home organisations (IdP - Identity Provider) and resources (SP - Service Provider). Participating Swiss organisations form a federation (SWITCHaai) that is based on mutual trust.
The home organisations (e.g. universities or technical colleges) are responsible for the registration and administration of their users. In the event of a request to access a resource, user authentication takes place at the respective home organisation. After successful authentication, the home organisation sends the desired user attributes to the service provider after the user has given his/her consent (user consensus).
The IDP of ETH is based on Shibboleth software and uses the ETH LDAP service as a source of information.
Customers can protect their resources through user authentication and authorisation and make their content or services available to a wider audience.
It is also possible to thereby restrict access to content and services based on user attributes or, conversely, make them accessible internationally.
Furthermore, users also benefit from single sign-on (SSO).