China Science and Technology Cloud Authentication and Authorization Infrastructure (CSTCloud AAI), which provides advanced and complete identity authentication and authorization services, to integrate resources and services of Chinese Science and Technology Cloud (CSTCloud). It includes the following systems: China Science and Technology Cloud Passport, China Science and Technology Cloud Identity Federation, China Science and Technology Cloud Unified Authorization Management System, and China Science and Technology Cloud Scientific CA system.

CSTCloud Passport System is a unified account system based on China Science and Technology Cloud. It provides centralized user authentication and application access services, and provides a series of services for users, such as registration, login, account management, account security. It also provides application access services for applications based on OAuth 2.0 authentication protocol. CSTCloud Passport System users can single-sign-on all other service systems which accessed CSTCloud passport services. At present, the scale of passport system users has exceeded 1 million, with more than 800 application accounts accessed.

CSTCloud Passport System provides SAML protocol support. As an identity provider (IdP), it has been joined China Science and Technology Cloud Identity Federation, and accessed services with more than 20 well-known literature database service providers around the world. You can access these literature resources by using your passport account at anytime and anywhere.

CSTCloud Passport System also provides the supports of EduRoam, greatly enriches the application scope of system. It is an important part of CST Cloud Authentication and Authorization Infrastructure.

CSTCloud Identity Federation is a new cross-domain authentication service launched by China Science and Technology Cloud, which enables independent resources and service systems to easily access various resources and services of the federation, or share their own resources and services through the federation by using the same account with each other.
At present, there are more than 10 institutions become a member of our federation, such as University of Science and Technology of China and Peking Union Medical College. Also, with more than 20 well-known literature database service providers around the world. Since September 2020, our federation has become a member of eduGAIN, a global identity federation. CSTCloud Identity Federation plays an important role in our scientific and technological participation in global research cooperation.

The unified authorization management system mainly provides the management of virtual organizations and basic authorization services. Teams, organizations, physical organization administrators, and providers of resources and services can create and manage their own virtual organizations online. Researchers can apply online to join these virtual organizations. Administrators review applications and fully manage membership within the virtual organization.
The unified authorization system provides exposed interface services, provides membership between virtual organizations and user accounts for federated resources and services, and provides basic authority for resources and services within the federation. The unified authorization system supports the binding relationship between virtual organization and resource service, and also give administrators more personalized authorization management functions.

As a member of the Trusted Federation for International Interoperability, CSTCloud Scientific CA system provides a series of services such as certificate application, issuance and management for scientific research purposes. Scientific research certificate is an important personal identity certificate for researchers to participate in international scientific research cooperation, especially in the process of international infrastructure interoperability.
CSTCloud Scientific CA system will strengthen the integration with federal authentication, provide certificate-based federal identity authentication for researchers, comprehensively improve the security of federal authentication, and enhance the user experience in the use of resources and services.