The B2ACCESS service is a Identity and Authorisation Management (IAM) system which arbitrates authenticated access to registered services in the context of the EUDAT Collaborative Data Infrastructure (CDI). The role of the B2ACCESS service is to allow these services to make authentication and the authorisation decisions, and to perform any other processing required, when the end user accesses these services. When connecting to a CDI service that requires a login (eventually with further attributes) the access request is redirected to the B2ACCESS instance ( https://b2access.eudat.eu:8443/home/home) and the user can effectively login by using his/her primary credential (such as username and password).
EUDAT identifiers provided by the B2ACCESS service are persistently bound to the user's primary identity. Primary identities can be provided by external identity providers, e.g. shibboleth IdPs of the users' home organisations or OpenID providers such as the Google IdP, or they can be provided by the B2ACCESS service itself, if the users registered genuinely on this service. B2ACCESS may use and store the Attributes provided by the IdP. The B2ACCESS Service Provider makes sure that the end user’s attributes are only forwarded to lower-level Service Providers which the end user wants to access. Service Providers must have declared to the B2ACCESS SP that they comply with the GEANT Data Protection Code of Conduct. This implies that these lower-level Service Providers will only use personal information that is relevant to provide their service.