Higher Education eXternal Attribute Authority (HEXAA) is an attribute authority and aggregation service developed and maintained by MTA SZTAKI and NIIFI. It has been developed by an eponymous Open Call project within the GN3plus project and is currently supported by the institutions that developed it.

HEXAA is primarily an external attribute provider, meaning a third party providing attributes on top of the attributes provided by the IdPs.

• Tailored to VO Management

• Storage of non IdP dependent attributes

• Attribute release consent management

• Automations available triggered on changes

HEXAA can act also as an attribute aggregator, providing attributes from external (external from HEXAA) sources (e.g. ORCID).

HEXAA at the moment does not implement full VO membership life cycle management, such as attribute expiration.

HEXAA supports SAML2 protocol for attribute queries and user authentication.

HEXAA has a user interface focused on improving the VO Management, but it can be used to store every type of attribute.

Besides the standard SAML interfaces, HEXAA also exposes a REST API providing the following pieces of functionality:

1. Retrieving short-time tokens for principals;

2. Retrieving the attributes of a principal associated with a service.

The tokens can be used for accessing API functions. Every token is bound to the requesting user interface; therefore it is possible to restrict access to some API calls.

HEXAA has been designed to support VOs as main use case. HEXAA has no attribute management delegation capabilities, VO managers manage (i.e. configure and approve requests) the whole set of attributes of the VO.

• PHP
• SimpleSAMLphp
• MySQL
• Apache

HEXAA can be either deployed (available on GitHub with installation instructions) in a local instance, or used as a service in the installation currently operated by SZTAKI.

The GN3plus project that was originally supporting HEXAA ended in March 2015. Since then, the software has been supported by the SZTAKI and NIIFI institutes.