1. GakuNin: Federated Identity Management Activities in Japan
Takeshi Nishimura/Academic Authentication Systems Office National Institute of Informatics

2. Most of Major Publishers
2009/8/5
An Academic Identity Federation in Japan
Build up new ICT infrastructure to support R&E based on SSO technologies
Provides trust framework (technologies, policies and assessment)
Towards value added services (academic discount, etc.) by collaboration with commercial
Improves usability and security with continuous R&D (including multifactor/cert. auth.)
Lib Services
Web mail
Groupware
E-Learning SP
Univ. A
Univ. B
Univ. C
IdP
GakuNinSteering Committee
Federation Policy
IdP Auditing
Promotion
Faculty
Staff
Student
Inter University
Unified Campus Auth
Identity
Provider
Service
Attributes
E-Journals
Privacy-Preserved
Info. Web Site
Registration Sys.
Metadata Repo.
Discovery Service
Easy Access from out of Campus
Seamless access with SSO
Reduction of ID management cost,
Improvement of security
Academic Federations have been established per country basis
Content Services
Application Services
Admin Services
eLearning
ePortfolio
Most of Major Publishers 2
Foodle

3. Number of IdPs/SPs (As of Oct. 2017)
#IdP Users
#SPs
200
M Users
1.42M
153
pilot
Production
Japanese total HE population is
about 3.7million
National
Public
Private
Junior College
Tech. College
Inter-Univ. Institute
Other
Total
Participants 67 17 54 51 1 10
200
Ratio
78%
19% 9% 0%
89%
# Total 86 91
600
343 57

4. History of GakuNin ID Federation
2008
Feasibility Study with test accounts
Participants: 30 IdP sites and 18 SP sites (incl. Elsevier)
2009
Pilot Operation (UPKI-Fed) with real accounts and services
Preparation of policy documents
2010
Production Operation started (As a 3 years project)
Renamed as “GakuNin”
2012
US FICAM LoA-1 assessment for requested IdPs started by cooperation with OIX (Open Identity eXchange); (switched to Kantara in 2015)
2014
Shifted to an official service by NII
Still no fee is required to join

5. Attributes 2010- 2014 2017 jasn jaGivenName mail jaDisplayName sn jaoou
givenName
displayName
eduPersonAffiliation
eduPersonPrincipalName
eduPersonEntitlement
eduPersonScopedAffiliation
eduPersonTargetedID
jasn
jaGivenName
jaDisplayName
jao
jaou
2014
isMemberOf
gakuninScopedPersonalUniqueCode
2017
eduPersonAssurance
eduPersonUniqueId
eduPersonOrcid

6. GakuNin enquete (questionnaire)
Annual self-audit for IdPs
Our rules
Operating Policies for GakuNin Participants
System Administration Standards for the GakuNin
Based on answers, GakuNin asserts grade A & B.

7. 2009/8/5
eduGAIN
as you know

8. GakuNin with eduGAIN GakuNin joined eduGAIN in 2013.
With slight update of our rules
Our IdPs/SPs joins eduGAIN by opt-in basis (still)
We are preparing metadata two times per month.

9. Our motivation for eduGAIN
Formerly, e-Journals
Currently, ORCID

10. Current issues about eduGAIN
Building filter settings for Shibboleth IdP
How to provide Discovery Service for eduGAIN IdPs
Are there Open IdPs in eduGAIN?
<afp:AttributeFilterPolicy id="PolicyforCUP" xmlns:afp="urn:mace:shibboleth:2.0:afp">
<afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value=" />
<afp:AttributeRule attributeID="eduPersonScopedAffiliation">
<afp:PermitValueRule xsi:type="basic:ANY" />
</afp:AttributeRule>
</afp:AttributeFilterPolicy>