InAcademia x eduGAIN

InAcademia x eduGAIN

Like its parent product, eduGAIN, InAcademia provides real-time validation of academic affiliation using trusted sources, but unlike eduGAIN it provides a single point of integration for the merchant, particularly those that operate OpenID Connect clients, and acts as a gateway to academic identity providers using the InAcademia service, with the potential to reach a high proportion of academic institutions across Europe, and without the need to understand the technical nuances of each national academic identity federation.

The benefits of InAcademia in comparison to full federation membership are extensive.

For merchants:

  • InAcademia directly supports OIDC clients (where the IdPs and eduGAIN protocol is typically SAML).
  • InAcademia is operated and governed by a collaboration of European national academic identity federations, therefore, merchants using InAcademia have the benefit of the technology and experience without having to understand every aspect of the academic federated identity landscape.
  • InAcademia keeps in step with developments in policy and technology that would otherwise have to be understood and mitigated in-house by the merchant.
  • A fundamental design feature in InAcademia is the principle of simplification: InAcademia provides a straight-forward, easy-to-process validation results.
  • Some federations operate an opt-in policy: if service providers were to rely on federation membership alone they would have to persuade on a 1:1 basis hundreds, if not thousands of institutions to opt into their SP, and would need to handle any technical idiosyncrasies of every national context.  InAcademia creates a 1:1 relationship (SP to InAcademia) instead of a 1:Many relationship (SP engaging with every Federation and Institution either to fix issues or to ensure IdPs opt in or don’t filter).
  • InAcademia handles authentication response flows in a more predictable manner: native OIDC ans SAML response flows combined with the heterogeneous nature of the eduGAIN landscape can be quite confusing. In comparison, service providers operating in eduGAIN have to understand and handle multiple response and error scenarios, from multiple identity provider technologies.
  • InAcademia logs key technical events and proactively works to resolve issues found with support of each national Federation.

For institutions and federation operators:

  • InAcademia responds to a merchant request for validation with pseudonymised identifiers, and strips out any superfluous PII returned by the IdP before returning its authentication response to the client, meaning that it’s a truly privacy-preserving layer of protection for IdPs.
  • Once onboarded to InAcademia, the institution needs only to opt into InAcademia in order to benefit from its downstream services.
  • InAcademia is transparent in its privacy policy as regards the services to which it is proxy.
  • Federation operators have an opportunity to shape the future of the InAcademia service by joining its steering committee.
Skip to content