The document discusses the evolution of identity management within the academic sector in Bangladesh, focusing on the Tigerfed identity federation by BDREN, which facilitates seamless access to services for educational institutions. It outlines the benefits and risks of Single Sign-On (SSO), the establishment of federated identity management, and the integration of services like eduroam for enhanced connectivity. Additionally, it highlights how Tigerfed provides free, reliable identity and access solutions for libraries and users, significantly improving access to digital resources and collaboration tools.

1. Enhancing seamless
access using TIGERfed
Abu Naser Md. Nafew
Network Engineer, BdREN
The only identity federation for the R&E community of Bangladesh.

2. Evolution of Identity Management

3. Campus level Identity Management
Identity starts at your university campus and research institutions.
● Staff, Students and researchers join the university community for
○ Work
○ Study
○ Research
● The institutions will capture some information about the person
○ HR Systems
○ Student Systems
○ Research systems
● Issue credentials
○ Username / ID
○ Password / Pin
○ MFA Tokens (Mobile app, Security Tokens, SMS, etc)

4. Campus level Identity Management
The Provisioning system provides...
● Credentials
● Email
● Authorization to services
○ Learning Management System (LMS
)
○ Wireless access
○ Online Storage
○ Collaboration tools
○ And many other campus services
● Physical access (swipe card access)
Plenty of options for provisioning services
● Home grown systems (scripts)
● Commercial offerings
○ MS MIM and FIM
○ SalePoint
○ WSO2
○ ForgeRock
○ OKTA
● OpenSource
○ OpenIAM
○ MidPoint
○ Gluu
○ FreeIPA
Most institutions will have some processes and tools that make up a provisioning service.

5. Campus level Identity Management
The Provisioning system provides...
● Credentials
● Email
● Authorization to services
○ Learning Management System (LMS
)
○ Wireless access
○ Online Storage
○ Collaboration tools
○ And many other campus services
● Physical access (swipe card access)
Plenty of options for provisioning services
● Home grown systems (scripts)
● Commercial offerings
○ MS MIM and FIM
○ SalePoint
○ WSO2
○ ForgeRock
○ OKTA
● OpenSource
○ OpenIAM
○ MidPoint
○ Gluu
○ FreeIPA
Most institutions will have some processes and tools that make up a provisioning service.

6. Single Sign-on
One credential to access many services.
Benefits
● Institutions needs to issue only one set of credentials
● Enables users to remember fewer credentials
● Streamlines the login process
● Reduces the chance of phishing
● Reduces support desk tickets
Risks (all can be mitigated)
● Authorization still needs to be addressed
● User may get locked out of many services it authentication service is
unavailable
● Unauthorized users gain access to more than one service
● Authentication service becomes a point of attack
Once provisioning is sorted out, most institutions
will move to Single Sign-on
Convenience vs Risk

7. The dawn of federations
There is natural progression from enterprise IAM to federated IAM, but we need
some level of trust...
Federated identity management (FIdM) amounts to having a common set of
policies, practices and protocols in place to manage the identity and trust
into IT users and devices across organizations
With a trust framework in place, tools in place and
common protocols users and one institution using t
he credentials issued by their institution can access
services at a another institute or company.

8. Federated Identity Management
For higher education, two forms for Federated Identity Management emerged:
eduroam: A federation providing wireless access
Identity Federations: Single-sign on for Web based applications

9. eduroam
eduroam is an international Wi-Fi internet access roaming service for users in
research, higher education and further education. It provides researchers, teachers,
and students network access when visiting an institution other than their own.
In 2023, the eduroam system recorded over 7.5 billion national and international
authentications.
HSIA has become one among more than 3
0 international airports in the world that pr
ovide “eduroam” services to the travelers.

10. eduroam
HSIA has become one among more than 30 international airports in the world that
provide “eduroam” services to the travelers.
This has become the first such instance in the Asia-Pacific region.
BdREN is looking forward to enabling “e
duroam” service at other international ai
rports in the country such as the Osmani
International Airport, Sylhet, and the Sha
h Amanat International Airport, Chittago
ng.

11. © copyright, Bangladesh Research and Education Network, All Rights reserved
Identity Federation

12. Identity Federation
Research and Educations identity federations are generally operated by the
NREN.
● Policy framework that ensure trust
● Technology framework that implements authentication standards
○ SAML (Secure Access Markup Language)
○ OpenIDConnet
● Management and Support
● Bring Identity Providers and Service Provider together

13. Identity Federations
Currently there are at least 76 National Research and Educations federations, 15
of which are in the Asia / Pacific region.
● Different levels of maturity
● Different focuses
○ Supporting Research
○ Access to Publisher resources
○ Providing teaching and learning tools and infrastructure
○ Collaboration
● Different levels of support
○ from a fraction of EFTSU
○ to 20+ staff members

14. © copyright, Bangladesh Research and Education Network, All Rights reserved
TIGERfed
The TIGERfed is the first and only Identity Federation for education and
research organizations in Bangladesh which is operated by Bangladesh
Research and Education Network (BdREN).
The TIGERfed Identity Federation is introduced to facilitate and simplify the
access of shared services across the Federation.

15. © copyright, Bangladesh Research and Education Network, All Rights reserved
Federations around the Globe

16. © copyright, Bangladesh Research and Education Network, All Rights reserved
Benefits of Identity Federation
Ease of Access to
services
Integrate
multiple Identity
and Service
Providers
Improve the
user experience
through SSO
Improve the
security
Ease of
Management of
users

17. One of the key beneficiaries of the
identity and access federation are
the University Libraries

18. eduGAIN
The eduGAIN interfederation service connects identity federations around the w
orld, simplifying access to content, services and resources for the global research
and education community. eduGAIN comprises 76 participant federations connecti
ng more than 8,500 Identity and Service Providers.
● 4959 Identity Providers
● 3582 Service Providers
Continues to grow and improve...
TIGERfed is member of edugain

19. © copyright, Bangladesh Research and Education Network, All Rights reserved
Benefits of Identity Federation for Libraries
Simplified Access to Digital Resources
Off-Campus Access to eBooks and journals
Enhanced Security
Cost Efficiency

20. © copyright, Bangladesh Research and Education Network, All Rights reserved
Current Methodologies of Accessing Digital Resources
Remotely Access the digital resources from
outside of campus by taking the paid servic
es like OpenAthens, EzProxy
Remote Access
Users can access the digital resources by acc
essing it from Campus Network
Accessing On-Campus

21. © copyright, Bangladesh Research and Education Network, All Rights reserved
Similarities Between OpenAthens and TIGERfed
B
A
Federation for Remote Access
to publishers and digital resources
Secured and Reliable
Hosted Identity Provider
Identity and Access Federation
for the research and Education
community of Bangladesh
Secured and Reliable
IDP-as-a-Service with
Hosted Solution

22. © copyright, Bangladesh Research and Education Network, All Rights reserved
Shifting of Remote Access
KUET
BUET
DU
BRACU
SUST
BSMRST
U
BU
PUST RU
SAU
BAU
University
X

23. © copyright, Bangladesh Research and Education Network, All Rights reserved
Shifting of Remote Access
KUET
BUET
DU
BRACU
SUST
BSMRST
U
BU
PUST RU
SAU
BAU
University
X

24. © copyright, Bangladesh Research and Education Network, All Rights reserved
Advantages of TIGERfed over OpenAthens
KUET
BUE
T
DU
BRAC
U
SUS
T
BSMR
STU
BU
PUS
T
RU
SAU
BAU
Free of Cost
TIGERfed hosted IDP is
completely free of cost
No Limits on Accounts
There is no limit in the maximum
number of accounts for remote
access
Hassle Free
Library Administration doesn’t
need to create any account for
anyone
Dedicated Support
24*7 Support from our NOC in
case of any necessity

25. We Provide SSO and Remote Access to
IEEE
JSTOR
Emerald
Springer Nature
Wiley
Pearson
Mcgraw Hill
Taylor & Francis
World Scientific
Sage Knowledge
Oxford University Press
Cambridge University Press
With many edugain services
like:
• indico
• Cloudstor
• Sciencedata
• Semanticscholar
and many more…

26. Demonstration of Remote
Access with TIGERfed

27. Questions?

28. Thank you
TIGERfed