Introduction
The China Science and Technology Cloud Authentication and Authorization Infrastructure (CSTCloud AAI)
provides advanced and complete identity authentication and authorization services to integrate the
resources and services of the China Science and Technology Cloud (CSTCloud). It includes the following
systems: China Science and Technology Cloud Passport, China Science and Technology Cloud Identity
Federation, China Science and Technology Cloud Unified Authorization Management System, and China
Science and Technology Cloud Scientific CA system.
CSTCloud Passport System
CSTCloud Passport System is the unified account system of the China Science and Technology Cloud.
It provides centralized user authentication and a series of services for users, such as
registration, login, account management, and account security.
It also provides application access services for applications, based on the OAuth 2.0 protocol.
CSTCloud Passport System users can use single sign-on to access all other service systems that have
integrated with CSTCloud Passport services.
At present, the Passport System has more than 1 million users, and more than 800 application
accounts have been connected.
CSTCloud Passport System supports the SAML protocol. As an identity provider (IdP), it has
joined the China Science and Technology Cloud Identity Federation and is connected to the services of
more than 20 well-known literature database service providers around the world. You can access these
literature resources with your passport account anytime and anywhere.
CSTCloud Passport System also supports eduroam, which greatly broadens the system's range of
application. It is an important part of the CSTCloud Authentication and Authorization Infrastructure.
CSTCloud Identity Federation
CSTCloud Identity Federation is a new cross-domain authentication service launched by the China Science
and Technology Cloud. It enables independent resource and service systems to easily access
the various resources and services of the federation, or to share their own resources and services
through the federation, with users keeping the same account across all of them.
At present, more than 10 institutions have become members of our federation,
such as the University of Science and Technology of China and Peking Union Medical College,
along with more than 20 well-known literature database service providers around the world.
Since September 2020, our federation has been a member of eduGAIN, a global identity federation.
CSTCloud Identity Federation plays an important role in our participation in global scientific
and technological research cooperation.
CSTCloud Unified Authorization Management System
The unified authorization management system mainly provides virtual organization management
and basic authorization services. Teams, organizations, physical organization administrators, and
providers of resources and services can create and manage their own virtual organizations online.
Researchers can apply online to join these virtual organizations. Administrators review applications
and fully manage membership within the virtual organization.
The unified authorization system exposes interface services that give federated resources and
services the membership relationships between virtual organizations and user accounts, and it
provides basic authorization for resources and services within the federation. The system also supports
binding virtual organizations to resource services, and gives
administrators more personalized authorization management functions.
CSTCloud Scientific CA system
As a member of the Trusted Federation for International Interoperability, the CSTCloud Scientific
CA system provides a series of services such as certificate application, issuance and management
for scientific research purposes. A scientific research certificate is an important personal
identity certificate for researchers participating in international scientific research
cooperation, especially in the process of international infrastructure interoperability.
The CSTCloud Scientific CA system will strengthen its integration with federated authentication,
provide certificate-based federated identity authentication for researchers, comprehensively improve
the security of federated authentication, and enhance the user experience when using resources
and services.