CARSI CERNET Authentication and Resource Sharing Infrastructure

Frequently Asked Questions

Q: What does an Identity Provider (IdP) do?

• Allows single sign-on (SSO) within the institution and across the federation.
• Maintains user attributes while protecting privacy.
• Knows the SPs in the federation, so it only sends user attributes to trusted SPs.
• Allows IdP administrators and individual users to control attribute release.

Q: What does a Service Provider (SP) do?

• Protects web applications so that they can only be accessed by federation IdP users.
• Controls access to the service (who can access what) based on the attributes received from an IdP, i.e. it implements attribute-based access control.
• Knows the IdPs in the federation, so it only accepts user assertions from trusted IdPs.

Q: I am a user, how can I use the shared resources?

A: If your identity affiliation is a CARSI-IdP, you can use the federation's shared resources under the agreement between your home IdP and the visited resource. If you have no CARSI-IdP identity, you can register an Open-IdP identity and become a federation guest user. Open-IdP users can visit only some of the shared resources, depending on each resource's visiting policy.
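The SP behaviour listed above (accept assertions only from trusted IdPs, then decide access from the released attributes) and the guest restriction for Open-IdP users can be sketched as follows. This is an added example, not CARSI's or any SP's own code; the entity IDs, attribute names, resource names and the `authorize` function are constructed placeholders, and the assertion is assumed to have already passed signature and validity checks in the SP's SAML software.

```python
# Constructed federation data: entity IDs, attribute names and resource
# names are placeholders for illustration, not CARSI values.
TRUSTED_IDPS = {
    "https://idp.university-a.example/idp/shibboleth": "member",  # a CARSI-IdP
    "https://open-idp.example/idp/shibboleth": "guest",           # the Open-IdP
}

# Per-resource visiting policy: which IdP classes may enter, and which
# attribute values the user must present.
RESOURCE_POLICY = {
    "journal-archive": {
        "idp_classes": {"member"},
        "require": {"affiliation": {"student", "faculty", "staff"}},
    },
    "public-courseware": {
        "idp_classes": {"member", "guest"},
        "require": {},
    },
}


def authorize(assertion, resource):
    """Return (allowed, reason) for an already signature-verified assertion."""
    # Step 1: the issuer must be an IdP the SP knows from federation metadata.
    idp_class = TRUSTED_IDPS.get(assertion.get("issuer"))
    if idp_class is None:
        return False, "untrusted-idp"

    # Step 2: default deny for resources that have no policy.
    policy = RESOURCE_POLICY.get(resource)
    if policy is None:
        return False, "unknown-resource"

    # Step 3: guest (Open-IdP) users only reach resources that admit them.
    if idp_class not in policy["idp_classes"]:
        return False, "idp-class-not-permitted"

    # Step 4: attribute-based check on what the IdP chose to release.
    attrs = assertion.get("attributes", {})
    for name, allowed in policy["require"].items():
        if not set(attrs.get(name, [])) & allowed:
            return False, f"missing-attribute:{name}"
    return True, "ok"
```

An attribute the IdP or the user declined to release is treated the same as an attribute with no acceptable value: the request is denied rather than allowed by default.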

Q: How can I register an Open-IdP account?

1. Visit, choose to be a user.
2. Select Open-IdP -> Registering an account.
3. Fill in the form and submit.
4. Get your account.

©2007 Computer Center, Peking University