- Created by Albert Wu (internet2.edu), last modified on Mar 25, 2021
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 2 Next »
Jump to:
Call to Action
The National Institute of Health (NIH) is introducing a new Login Service gateway to streamline external user access to NIH online resources.
To ensure there is appropriate authentication and identity proofing to meet US agency requirements, and to facilitate user access provisioning, NIH is calling federated identity providers (e.g., identity provider, or IdP, published in the InCommon Federation) to support 3 interoperability and assurance framework defined by the research and education community:
- Streamlined user attribute release by supporting REFEDS Research & Scholarship (R&S) entity category.
- Implement strong authentication: perform multi-factor authentication (MFA) and signal MFA using REFEDS MFA Profile.
- Communicate identity proofing and assurance using the REFEDS Assurance Framework.
When Does All This Happen?
Full implementations all three elements will take time. Identity Provider operators in the InCommon Federation should begin planning and implementation as soon as possible, noting the following coming milestone dates:
Date | Event/Milestone / Impact |
---|---|
April 1, 2021 | Office Hour: join representatives from InCommon and the National Institutes of Health to discuss the coming changes to the NIH electronic Research Administration (eRA) modules. The office hour will take place Thursday, April 1, at 4 pm ET, 3 pm CT, 2 pm MT, 1 pm PT |
September 15, 2021 |
|
May 2021 |
|
Summer 2021 |
|
TBD | Additional NIH services to come online through out 2021 and beyond. Watch this page for updates. |
What Do I Need to Do?
When | What | Why |
---|---|---|
Now - September 2021 | If you have eRA users:
| eRA requires users to sign in with MFA effective September 2021. NIH Login Service, used by eRA to process federated SSO, requires MFA signaling using REFEDS MFA Profile. eRA also requires user attributes defined in R&S. |
Now - Summer 2021 | If you have users accessing any NIH resource:
| Get ready. Although not all resources will require all three elements (MFA, R&S, identity assurance), as NIH resources begin consolidating access via the new NIH Login Service, they will expect federated IdPs to support these profiles. |
Next | Stay tuned. Follow this page by clicking the "watch" link at the top of the page to receive updates as we learn more. |
More About the NIH Resources
Electronic Research Administration Portal (eRA)
Effective September 15, 2021, eRA(https://era.nih.gov) will require all of its users to sign in with MFA. eRA will accept qualified federated credentials. To qualify, the IdP needs to authenticate the user using MFA and signals the outcome using REFEDS MFA Profile. In addition, eRA will require the IdP to release user attributes defined in the REFEDS R&S category.
About eRA and InCommon
eRA is NIH’s research administration portal. Principal Investigators and grant administrators from universities and research organizations use eRA to apply for and manage NIH-funded grants. eRA has about 40,000 users and over 204,000 grants in its database. Over 130,000 of the grants are issued to InCommon participants.
Impact
Users who cannot sign in using a qualified credential from their home institution will be directed to create and use a login.gov credential to sign into eRA.
National Center for Biotechnology Information (NCBI; PubMed)
Effective June 2021, NCBI, including PubMed, will transition use only federated credentials for user access ( https://ncbiinsights.ncbi.nlm.nih.gov/2021/01/05/important-changes-ncbi-accounts-2021/).
PubMed requires a federated IdP to release attributes defined in R&S. It does not require MFA or eduPersonAssurance.
About PubMed and InCommon
PubMed is one of the world’s largest online biomedical research databases. It has millions of users around the world. It is likely that all universities have some students or faculty accessing PubMed today.
Researcher Auth Service (RAS)
RAS (https://datascience.nih.gov/researcher-auth-service-initiative), a component of the NIH Login Service launching in 2021, facilitates consistent and user-friendly access to NIH’s open and controlled data assets and repositories.
Follow the Updates
We will post updates to implementation announcements on this page as they become available. Follow this page by clicking the "Watch" link above to receive the latest updates.
Resources
- No labels