Authentication and Authorization Infrastructure (AAI)

In Earth System Science and related disciplines, students and researchers require secure and flexible access to diverse data resources. An Authentication and Authorization Infrastructure (AAI) is a framework of technologies, standards, and services that manage digital identities and control access rights across distributed systems and digital resources.

As a background service, AAI providers—often institutional entities—grant access and manage user information such as names, emails, and affiliations. With AAI, users log in once with their home organization (e.g., university, company, or identity provider) and can then access multiple trusted services without repeatedly entering credentials. This not only improves user convenience but also reduces the administrative burden of identity management.

A practical example is the Earth System Grid Federation (ESGF), which provides a federation for climate model data. ESGF’s AAI framework allows researchers to log in with their institutional credentials to access distributed climate data resources. Similarly, the IMA4NFDI initiative is empowering researchers across Germany and worldwide to seamlessly access tools, data, and services within the National Research Data Infrastructure (NFDI) by using a unified Identity and Access Management (IAM) system.

Example Implementation

• IMA4NFDI
• Shibboleth
• DFN-AAI
• Helmholtz-AAI
• Academic-ID
• ORCID
• Keycloak

Standards

• SAML 2.0 (Security Assertion Markup Language (SAML)
• OAuth 2.0
• OpenID Connect (OIDC)