What is AAI?
AAI stands for Authentication and Authorization Infrastructure.
AAI is a system (infrastructure) that checks to make
sure your user name is valid (authentication) and then
makes sure that you are allowed to view the web resource you're asking for
The AAI system is maintained by SWITCH, the Swiss Education and Research Network. See also SWITCH's page: What are the benefits of AAI for the user?
When you see a SWITCHaai logo (or if you're asked to authenticate yourself via SwitchAAI), then the web resource you're accessing is AAI enabled. An AAI enabled resource offers an AAI login. That means that you can use your university or Fachhochschule username and password for that login if you are a member of an institution that is a SwitchAAI "Home Organisation".
Being able to use the same username and password (the one your university or FH gave you) to log in to other resources is just one convenience.
There's another convenience: when you log in successfully to an AAI enabled resource, the authentication part (who you are) is valid for as long as your browser is open (the browser session). If you log in to another AAI enabled web resource, you won't have to enter your name and password again - a very convenient benefit of using AAI enabled resources. This is the advantage of a so-called "single sign on".
Beware! It's a double-edged convenience and with it comes responsibility: make sure you exit the browser entirely after using a public computer! Otherwise the next person who comes along could use your login information to access resources they don't have permission to.
When you first login to a service provider such as OLAT or VirtualCampus, you are informed about the personal information that will be sent over the network. If you disagree, you will not gain access to the resource. If some time later a resource requires more personal information than what was required the first time you logged in, you will be prompted again to accept to send your personal information to that resource. The Digital ID Card information page provides a more detailed documentation about this system.
How does it work?
Authentication: The AAI system lets your home organisation - usually your educational institution - check that your user name and password are valid for that institution.
Authorization: After your institution confirms your login info, AAI then lets the web resource decide whether you can access it or not. If the web resource says that you are allowed access to it, the system lets you through to view it.
The culture zone
or: what does Shibboleth mean?
Shibboleth on Wikipedia
How to pronounce Shibboleth?