PEANO Federation

Functioning of the federative service

PEANO Federation for Certifying Electronic Accounts (Identity Federation) for Science and Education is a consortium of organizations (legal entities) founded by the Association of Users of Ukrainian Research and Academic Network URAN without the formation of a separate legal entity. The URAN Association is the Federation Coordinator. The main goal of PEANO is to facilitate access to distributed electronic resources for the members of the Federation.

Besides the Coordinator, the PEANO Federation consists of member organizations of two further types: Identity Providers and Service Providers.

Authentication (Identity Provider): validates that the User belongs to the institution.

Authorization (Service Provider): gives the User permission to use its service.

Discovery Server (DS PEANO): holds the list of Identity Providers registered in the Federation.

When the User requests access to a web resource provided by a Service Provider (SP) [1], the request is redirected to the Service Discovery Server of PEANO (DS PEANO) [2], which maintains the list of Identity Providers (IdP) that are members of the Federation.

The DS PEANO displays this list to the User [3], and he/she selects the organization of his/her affiliation [4]. The DS PEANO sends this choice of Identity Provider back to the Service Provider [5], which then sends an authentication request to the Identity Provider [6], which, in turn, displays the authentication interface page to the User [7].

The User enters his/her credentials [8]. If authentication succeeds, the Identity Provider sends the User's data (the User attributes) to the Service Provider for authorization [9].

If the User is authorized to access the requested resource, he/she is granted such access through the browser; otherwise a warning message is displayed to the User [10].
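The Service Provider's side of steps [5], [6], [9] and [10], as an added example that is not part of the PEANO documentation or its software. It assumes constructed entity IDs, a hypothetical `affiliation` attribute and a hypothetical access rule; message transport and signature verification are outside its scope.

```python
# Added example: SP-side checks for steps [5], [6], [9] and [10] of the flow above.
# Entity IDs, the "affiliation" attribute and the access rule are constructed placeholders.
from dataclasses import dataclass, field

# Constructed stand-in for the list of Identity Providers registered in the Federation.
FEDERATION_IDPS = {
    "https://idp.university-a.example/idp",
    "https://idp.institute-b.example/idp",
}

@dataclass
class ServiceProvider:
    allowed_affiliations: frozenset = frozenset({"staff", "student"})
    pending: dict = field(default_factory=dict)  # session id -> IdP the request went to

    def handle_discovery_response(self, session_id, chosen_idp):
        """Step [5]: accept the DS answer only if it names a registered IdP."""
        if chosen_idp not in FEDERATION_IDPS:
            return None  # unknown IdP: no authentication request is sent
        self.pending[session_id] = chosen_idp
        # Step [6]: the authentication request addressed to the chosen IdP.
        return {"to": chosen_idp, "type": "authn_request", "session": session_id}

    def handle_idp_response(self, session_id, issuer, attributes):
        """Steps [9]-[10]: authorize only on attributes from the expected IdP."""
        expected = self.pending.pop(session_id, None)  # one response per request
        if expected is None or issuer != expected:
            return "denied: response does not match a pending request"
        if attributes.get("affiliation") in self.allowed_affiliations:
            return "granted"
        return "denied: user is not authorized for this resource"
```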

Any organization can be a Service Provider in PEANO. Membership in URAN Association is not necessary for a Service Provider. But only URAN Association and its members can serve as Identity Providers. URAN Association and its members can act both as Identity and Service Providers at the same time.

The activities of PEANO are governed by the Policy and Technical Rules, which define the procedures and technologies necessary for participation in PEANO.