IDEM (IDEntity Management) for federated access


IDEM is an authentication service that allows users of the academic and research entities belonging to the federation to use their own institutional credentials to access the federated resources of all the institutions participating in the project. The IDEM Federation has been operating at the GARR Consortium since April 1, 2009, with the aim of creating the Authentication and Authorization infrastructure of the GARR network. The University of Verona is federated in IDEM: the credentials to use for federated authentication are those of GIA (University Identity Management).

List of active services in IDEM

For all university users with GIA credentials.

The University Network is connected to the GARR Network (Research Network Extension Management), which provides connectivity to the entire Internet.
The GARR Network is the Network of the Italian Community of Universities and Scientific and Technological Research and is based on collaborative projects between Italian universities and public research institutions. Its aim is to "provide researchers with services independent of geographic location, promoting coordination and collaboration in national and international research activities and the diffusion and testing of advanced technologies and new services".
Access to the university network is regulated by the specific Acceptable Use Policies (AUP); use is allowed only for institutional activities, i.e. "research, teaching, administrative functions", and exclusively by people belonging to the GARR Community.

Notes on the release of the attributes for the use of federated IDEM-GARR-AAI authentication for the University of Verona.
The credentials for access to the services provided by the IDEM-GARR-AAI Federation and to the internal services offered through the Service Provider of the University of Verona are private and cannot be transferred to anyone for any reason or in any capacity. Users should be aware that the authentication system releases a series of LDAP attributes to the external Service Provider; these are essential for authentication, and without them the requested service cannot be provided.

These attributes are:
ou: Descriptive attribute of the University.
uid: Username.
cn: User name and surname.
givenName: First name of the user.
sn: User surname.
email: User's email address.
telephoneNumber: Telephone number of the user. The phone number is explicitly requested by some SPs (for example Nilde).
employeeNumber: User serial number. Currently not implemented.
preferredLanguage: Language preferred by the user (native language).
eduPersonEntitlement: Special qualifications. Entitlements are used in particular to access bibliographic resources.
eduPersonPrincipalName: "Scoped" attribute derived from uid. Scoped attributes derive from the basic ones with the addition of the organization suffix.
eduPersonAffiliation: Degree of affiliation within the organization.
eduPersonScopedAffiliation: Scoped attribute derived from the previous one. Scoped attributes derive from the basic ones with the addition of the organization suffix.
eduPersonTargetedID: Attribute that allows sessions to be managed in anonymous form; it is calculated by a random and non-reassignable algorithm.
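
The following Python check is an added example, not code from the University of Verona or IDEM. It shows how a Service Provider can validate the scoped attributes described above: each must have the form value@scope, the scope must be one registered for the releasing organization, and the value must agree with the basic attribute it derives from. The scope example.org, the names check_release and split_scoped, and all sample values are constructed assumptions.

```python
# Added example: SP-side checks on the scoped attributes listed above.
# IDP_SCOPES and every sample value are constructed placeholders.
AFFILIATIONS = {"faculty", "student", "staff", "alum", "member",
                "affiliate", "employee", "library-walk-in"}  # eduPerson vocabulary


def split_scoped(value):
    """Split 'local@scope'; raise ValueError unless there is exactly one '@'."""
    local, sep, scope = value.partition("@")
    if not sep or not local or not scope or "@" in scope:
        raise ValueError(f"malformed scoped value {value!r}")
    return local, scope.lower()


def check_release(attrs, idp_scopes):
    """Return the problems found in one IdP's attributes (name -> list of values)."""
    problems = []
    base_aff = set(attrs.get("eduPersonAffiliation", []))
    for aff in sorted(base_aff - AFFILIATIONS):
        problems.append(f"eduPersonAffiliation: unknown value {aff!r}")
    for name in ("eduPersonPrincipalName", "eduPersonScopedAffiliation"):
        for value in attrs.get(name, []):
            try:
                local, scope = split_scoped(value)
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
                continue
            if scope not in idp_scopes:
                # An IdP may only assert the scopes registered for it.
                problems.append(f"{name}: scope {scope!r} not allowed for this IdP")
            if name == "eduPersonPrincipalName":
                # This page describes the attribute as derived from uid.
                if attrs.get("uid", [local]) != [local]:
                    problems.append(f"{name}: {local!r} does not match uid")
            elif local not in AFFILIATIONS or (base_aff and local not in base_aff):
                problems.append(f"{name}: {local!r} not backed by eduPersonAffiliation")
    return problems


IDP_SCOPES = {"example.org"}  # constructed; a real SP reads this from federation metadata
GOOD = {"uid": ["mrossi"], "eduPersonPrincipalName": ["mrossi@example.org"],
        "eduPersonAffiliation": ["member", "staff"],
        "eduPersonScopedAffiliation": ["staff@example.org"]}
BAD = dict(GOOD, eduPersonPrincipalName=["mrossi@other.example"],
           eduPersonScopedAffiliation=["faculty@example.org", "staff"])

if __name__ == "__main__":
    print(check_release(GOOD, IDP_SCOPES))
    for problem in check_release(BAD, IDP_SCOPES):
        print(problem)
```
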
For problems related to credentials and authentication, or for any other problem with the service, please contact the Help Desk (login required).


Organizational Referent (RO)
Dr. Anna Bianchi
tel.: +39 045.802.8615
Technical Referent (RT)
Dr. Giancarlo Peli
tel.: +39 045.802.8723


Notes on provision of authentication data to IDEM-GARR-AAI for the University of Verona