A proposal for extending the eduroam infrastructure with authorization mechanisms

摘要

Identity federations are emerging in recent years in order to make easier the deployment of resource sharing environments among organizations. One common feature of those environments is the use of access control mechanisms based on the user identity. However, most of those federations have realized that user identity is not enough to offer more grained access-control and value-added services. Therefore, additional information, such as user attributes should be taken into account. This paper presents how one of those real and widely spread identity federations, eduroam, has been extended in order to make use of user attributes and to adopt authorization decisions during the access control process.