The PKIFED is a first Pakistan Identiy Federation consisting of education and research entities (including and not limited to institutions of higher learning, research institutes, colleges, and partner organizations) in Pakistan, who are users of academic e-resources, and organizations and companies (including and not limited to publishers, cloud service providers, public service departments, and other partners) who are providers of such e-resources. By mutually trusting rules/policy stipulated by the PKIFED Federation, organizations will be able to utilize federated access among each other. Once the federated authentication is implemented, Web Single Sign-On (the mechanism where a single ID and password permit a user to access all systems on the web) will be enabled; thus create an environment where a user can access other institutional and commercial services using a single password and without the need to re-enter the ID or password for as long as the session allows it.
Most publishers use IP filtering as de facto standard for authenticating authorized users in subscribing institutions and providing access to e-resources to them. While IP-based access is most convenient, safe and hasel-free authentication mechanism for publishers as well as for subscribing institutions, it has its limitations. One of the most serious limitation of IP-filtered access to e-resources is that the users can access e-resources only when they are on the Institute campus. Ideally, an authorized user should be able to access e-resources irrespective of his / her physical location at any time as long as he has access to the Internet.
In order to overcome this limitation, the Pakistan Identity Federation (PKIFED) has adopted Shibboleth, a standard-based open source software, for authenticating authorized users from institutions and provide them seamless access to e-resources from anywhere, anytime. Shibboleth offers a mechanism for users to access multiple resources within a federated single sign-on framework. The goal of the PKIFED is to allow users to access internal and external resources seamlessly using a single, institutionally controlled identity. This would not only allow authorized users to access e-resources from anywhere, anytime but would also circumvent the requirement of maintaining multiple passwords for multiple resources in multiple domains.