Skip to main content
Skip table of contents



A piece of information about an object, usually a user, supplied by an identity provider to a service provider.

Authentication & authorisation

Authentication is the checking of user credentials. In federated access the identity provider does this part. Authorisation is whether (or not) they can access a thing, and the service provider does that based on the user's scope and attributes.

Deep linking

Where a link can send the user straight to the signed-in version of a page. Sometimes called 'article level linking'


In this case it means organisation discovery. It's the way a user accessing a service provider (SP) tells that SP which identity provider they are from. 


An identity provider or service provider within a federation. Some members have more than one entity, such as when a service provider has several products.


The identifier of an entity within metadata. An identity provider will have one of these but may have many scopes. These usually look like a secure URI on a domain owned by the identity provider, but do not have to be a real web page - e.g:

Identity Provider (IdP)

The organisation that issues identities to its users, e.g. a library.


Information about entities so that each end knows how to talk to each other.
A federation will publish a set of aggregated metadata that all parties can trust.

OpenAthens Redirector

When a resource supports both deep linking and wayfless access, you can use our redirector to make simple links


Security Assertion Markup Language. The standard upon which most federations work.


The identifier of an organisation or part of an organisation. It is expressed as an internet domain owned by the identity provider. Organisation parts would usually add a 'subdomain' as the thing that tells them apart.  in the OpenAthens federation it generally a number. E.g:
The scope is supplied as part of the scopedAffiliation attribute (see below)


The friendlier name for an attribute with the charming name of urn:oid: It's a user's role, such as member, staff, student, combined with your scope. E.g:

Service provider (SP)

The resource provider that authorises entry based on the scope and attributes of the user attempting access. SP is the SAML term, but you may recognise them as vendors or publishers.


An open source software developed originally by Internet2 and supported by the Shibboleth Foundation. Since federation operators can talk about it without appearing to endorse any particular supplier, they do that


The friendlier name for urn:oid: It is a pseudonymous identifier for an individual user that is consistent every time the user visits an SP but different for each separate SP


An access URL that includes the entityID of a user's IdP so that the user does not have to stop and tell the resource where they are from when signing in.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.