= Authentication and authorization infrastructure =

Authentication and authorization infrastructure (AAI) refers to a service and a procedure that enables members of different institutions to access protected information that is distributed on different web servers.

Traditional approaches to authorization and access control in computer systems are not sufficient to address the requirements of federated and distributed systems, where infrastructural support may be required. Authentication and authorization infrastructure solutions address such limitations. With an AAI, access control is not managed by a central register, but by the respective organization of the user who wishes to access a specific resource.

In Switzerland, the SWITCH Information Technology Services Foundation is developing a Shibboleth-based AAI system that helps Swiss universities in particular to make their e-learning offers accessible to students beyond their own institutional boundaries. Based on the success of SWITCHaai, other countries are following with their own AAI projects.

== Projects ==
- CSTCloud AAI, China
- DFN-AAI, Germany
- ELIXIR AAI, UK
- EOSC-hub AAI, European Union
- GARR IDEM AAI, Italy
- GRNET AAI, Greece
- SWITCHaai, Switzerland

== See also ==
- Authentication
- Authorization
- Central Authentication Service
- Federated identity
- Identity as a service (IDaaS)
- Identity management
- Infrastructure as a service (IaaS)
- Keycloak
- List of single sign-on implementations
- OpenAthens
- Shibboleth Single Sign-on architecture
