SWITCHaai

Documentation


What is AAI?

AAI stands for Authentication and Authorization Infrastructure.

AAI is a system (infrastructure) that checks to make sure your user name is valid (authentication) and then makes sure that you are allowed to view the web resource you're asking for (authorization).
The AAI system is maintained by SWITCH, the Swiss Education and Research Network. See also SWITCH's page: What are the benefits of AAI for the user?

A link to an AAI-enabled resource might have the SWITCHaai logo after it.

When you see a SWITCHaai logo (or if you're asked to authenticate yourself via SWITCHaai), then the web resource you're accessing is AAI-enabled. An AAI-enabled resource offers an AAI login. That means that you can use your university or Fachhochschule (university of applied sciences, FH) username and password for that login if you are a member of an institution that is a SWITCHaai "Home Organisation".


Convenience

Being able to use the same username and password (the one your university or FH gave you) to log in to other resources is just one convenience.

There's another convenience: when you log in successfully to an AAI-enabled resource, the authentication part (who you are) is valid for as long as your browser is open (the browser session). If you log in to another AAI-enabled web resource, you won't have to enter your name and password again - a very convenient benefit of using AAI-enabled resources. This is the advantage of a so-called "single sign-on".

Beware! It's a double-edged convenience and with it comes responsibility: make sure you exit the browser entirely after using a public computer! Otherwise the next person who comes along could use your login information to access resources they don't have permission to use.


Data protection (ARPviewer)

When you first log in to a service provider such as OLAT or VirtualCampus, you are informed about the personal information that will be sent over the network. If you disagree, you will not gain access to the resource. If some time later a resource requires more personal information than what was required the first time you logged in, you will be prompted again to agree to send your personal information to that resource. The Digital ID Card information page provides more detailed documentation about this system.


How does it work?

Authentication: The AAI system lets your home organisation - usually your educational institution - check that your user name and password are valid for that institution.

Authorization: After your institution confirms your login info, AAI then lets the web resource decide whether you can access it or not. If the web resource says that you are allowed access to it, the system lets you through to view it.

Neither SWITCH nor the AAI system knows who you are. It just passes your login information to the home organisation and then the information from the home organisation to the web resource. AAI is an information broker; it doesn't check any information itself. (SWITCH's privacy policy)


More details?

See the FAQ on AAI and participant list at SWITCH.


The culture zone
or: what does Shibboleth mean?

Shibboleth on Wikipedia

How to pronounce Shibboleth?