Identity and Access Management (IAM) remains a significant challenge within the R&E (Research and Education) community in Africa. This greatly hinders collaboration within the region. To help solve this problem, the idea of having a Kenyan identity federation was born in 2016. The aim was to provide easy access and facilitate SSO (Single Sign-On) for KENET and its member institutions to research materials and services globally. As such, staff and researchers in the KENET community would use their “home institution” credentials (a single set of username & password) to access education and research services globally without having to create yet another account! From this idea, the journey of RAFIKI – the Kenyan Identity Federation for Research and Education begun. The federation was dubbed RAFIKI, Swahili for ‘friend’, as it provides a friendly way to login and access resources globally.
Training of Federation Operators
The Federation operators training was conducted by UbuntuNet Alliance for a period of one month, starting September 1st 2021. The training had participants drawn from several East and Central African countries including Somalia, Tanzania, Zimbabwe, Uganda, Congo DRC, and Kenya. Kenya Education Network was represented by Ms. Joy Otuya Oyim, Mr. Anthony Kimani, and Mr. Emanuel Wanyonyi, who would later become very instrumental in establishing RAFIKI.
The Operationalization of The Federation.
After the training, the next step was the actual implementation of the Federation. The implementation team was made up of different technical staff tasked with different roles including drafting the federation policies and setting up the federation infrastructure. Currently, the federation infrastructure consists of an IdP (Identity Provider), several service providers (SPs), a Federation Management system, a discovery service and the federation website where various information including the federation policies are posted.
RAFIKI draws its membership from the KENET community. Currently, the federation has one active Identity provider (https://rafiki.ke/list_of_idps) and two Service providers (https://rafiki.ke/list_of_sps). KENET is making deliberate efforts to grow RAFIKI’s membership by continuously making targeted communication to the community. So far, five institutions have expressed interest in joining the Federation as Identity providers.
Additionally, KENET will be federating more services which will potentially attract more members. These include, Utafiti – a data visualization and benchmarking service, an event management service, and a web conferencing solution.
To cater for “small” institutions within the community that have no existing form of authentication, have neither the server resources nor the technical expertise required to setup such identity databases, KENET has setup a managed IdP (Identity Provider). On this managed IdP, users can self-enrol, reset their password when need arises, and idle user accounts are automatically deleted to ensure that we maintain a clean database of users. However, institutions are encouraged to setup their own user databases and the KENET team can provide technical guidance in the process.
To enable global access to thousands of educational and research resources for the Kenyan Research and Education community, RAFIKI initiated the process of joining eduGain. eduGain provides an efficient way for participating federations, users, and services to interconnect. The joining process was elaborate and required compliance with all the requirements set out on the eduGain website (https://technical.edugain.org/joining_checklist). Under the guidance of Casper and Tomasz of eduGain, RAFIKI complied with all the eduGain joining requirements and was voted in as a member on 20th September 2022. We are excited that the RAFIKI members will not be limited by geographical borders in as far as access to resources is concerned.
Looking to the future
In addition to maintaining RAFIKI’s infrastructure, KENET intends to play an active role in the community by continuously creating awareness and training other Research and Education Networks in the region to increase adoption and collaboration.
On behalf of RAFIKI, KENET would like to thank UbuntuNet Alliance, especially Alex Mwotil, and the eduGAIN team of Mario Reale, Casper Dreef and Tomasz Wolniewicz for their training and support throughout this journey. Without them, this could not have been possible.
This article was developed by KENET.