YETKİM - Identity Federation


YETKİM is Turkey's identity federation for higher education and research institutions.

The federation provides authentication and authorization infrastructure for web resources. This infrastructure supports easy and secure inter-organizational access to web resources.

Without an identity federation, a user registers with each web service they want to access and has different credentials (usually a username and password) for each service. As a result, the user has to deal with many credentials, one for each resource.

Additionally, web resource administrators have to register the users themselves, manage user information and credentials, and keep them secure and private.

With an identity federation;

The YETKİM federation is operated by ULAKBİM. Its members are institutions. Institutions participate in the federation as:

  1. Identity Provider: Authorization and user information service connected to the organization's user management system.
  2. Service Provider: Web-based services that need access control, e.g. database access, e-book access, wiki access, etc.

The federation is operated under certain policies. Services are registered and their metadata is shared under these policies. Institutions that want to join the federation must accept the policies. An institution may join the federation with one or more services. At least one of them should be an Identity Provider.

The YETKİM federation is a full mesh federation. All of the federation's metadata is consumed by all entities within the federation. Therefore, every entity in the federation is aware of every other.

YETKİM is a member of eduGAIN. eduGAIN is an international interfederation service interconnecting research and education identity federations. It enables and simplifies the secure exchange of information related to identity, authentication and authorization between participating federations. It simplifies access to interfederation services.

YETKİM has an opt-in eduGAIN participation policy for service providers, and an opt-out policy for identity providers. That is, an identity provider in the federation is automatically exported to eduGAIN unless it chooses to be excluded, and a service provider in the federation is exported to eduGAIN only when this is explicitly requested.