Two-Step Login Changes

An increasing number of services and universities require edu-ID users to verify their identity with an additional factor in a process called Two-Step Login or Two-Factor Authentication.

One year ago, about 5% of all users had enabled this secure login method. As of today, this number has tripled to 15% of all 930’000 edu-ID users.

This is great news from a security point of view and has led to the following two changes, which were introduced at the end of August 2023.

First step towards passwordless login: Username first!

A lot of identity providers, including Google, Microsoft and Apple, ask the users for their username first, and then proceed to the password input in a follow-up step – if at all! The future world will be passwordless. So it won’t make sense to gather any password in the future.

The edu-ID login has caught up to get ready for a passwordless world. As of 9 August 2023, the edu-ID login window has changed so that users first need to enter their e-mail address. In a next step, they enter their password.

This is an important change to support Passkeys for the edu-ID login in the near future. Users having Passkeys enabled will enter their username and then log in with their Passkeys instead of their password. That is, the edu-ID login first needs to know the user in order to decide which login method is the user’s preferred one.

We are sure that edu-ID users will embrace this new process as most of them are already familiar with it from other identity providers.

 

New simplified edu-ID integration for organizations available now

The integration of the edu-ID previously required the implementation of two small software components on the university side:

    1. the linking service with which the edu-ID account of a person is linked to the internal account at the university,
    2. and the attribute synchronization with which the university manages the affiliations in the edu-ID accounts.

A new integration method is now available that does not require the development and operation of software at the university.

700’000 reasons to celebrate

Just in time for the yearly Trust and Identity Workgroup meeting the barrier was broken mid May. To celebrate the 700’000th edu-ID user account the trust and identity team had, however, to wait a few more weeks, because several team members were on vacation at that time. But it’s never too late for cake 😀

We hope to soon celebrate the cake for 800’000 accounts when University of Zurich, ETHZ, EPFL and other universities adopt edu-ID in the coming months.

Trust & Identity Meeting 2022

SWITCH invites you on Wednesday 18. May 2022 to the Trust & Identity Meeting 2022, held as a hybrid meeting, on premise in Zurich as well as online.

Registration is open until Monday, 16. May 2022.
There you will also find the draft agenda and meeting topics.

Details (links etc.) will be provided 48 hours in advance to registered participants.

The event is aimed at the following target groups:

  • IdP, SP and RP Administrators
  • Home Org Administrators
  • RRA & Attribute Policy Administrators
  • IdP hosting customers and
  • IT staff with interest in PKI, eduroam, authentication and authorization

for both – Swiss universities that already adopted SWITCH edu-ID and the ones that haven’t yet.

The life of an edu-ID account

Lifelong learning benefits from lifelong user accounts. SWITCH edu-ID accounts are such lifelong user accounts. However, lifelong sometimes does not mean forever, which may be a surprise in this context. Why is that so?
Due to data privacy laws, a lifelong account is – like a lifelong prison sentence – not for all eternity. At some point an account is deleted or archived even though its owner is still alive and well.

SWITCH edu-ID continues to grow

Last week the 600’000th member of the Swiss academic community registered for a SWITCH edu-ID account.

SWITCH is pleased to see an increased adoption of this service, as currently more than 1000 accounts are opened up per day.

Of course, this fact was again a good reason for a short break at the SWITCH offices, with a tasty cake once more.

 

 

Swiss E-ID, take two – SWITCH takes a stand

After a surprisingly clear defeat of the e-ID proposal in the national referendum early March 2021, the federal administration presented plans for a new attempt a month ago with a discussion paper on the target vision for an e-ID (DE, FR).

SWITCH is taking a stand and handed in a position statement on this discussion paper at the end of September 2021, in German: Stellungnahme SWITCH Zielbild E-ID final_sig.

The project is finished – but we’re still on the ball!

When the national cooperation project “Swiss edu-ID” – supported by swissuniversities – started in 2014, it was clear that it would not be a walk in the park. Replacing a system like SWITCHaai that has been running very well for more than a decade is not easy. Universities have to be convinced of the new solution – both in terms of technology and benefits – and also need enough time and resources to implement it.

With the Swiss edu-ID project, a major conceptual change from a decentralized authentication infrastructure to a centralized one was planned. This creates stronger dependencies. A stable basis of trust and smooth operation were important prerequisites. In parallel with the universities’ efforts, SWITCH therefore continued to expand the service and took measures to ensure performance and fail-safety.


edu-ID for Private Library Customers

It is with great pleasure that we can report the next milestone in the development of the SWITCH edu-ID.

As you know, most of the Swiss university libraries launched the joint library platform Swisscovery in December last year. All university members can log in to Swisscovery exclusively with edu-ID.

However, many libraries have a service mandate not only for universities but also for private users. This means that authorisation via edu-ID had to be extended so that users who are not enrolled at a university can also use library resources.


User-centricity is the right way to go

Pierre Deshayes, team leader and expert engineer “Infrastructures and Systems” at University of Geneva, explained at the SWITCH edu-ID update event (slides) how the change from AAI to SWITCH edu-ID took place.
Here is a summary:

A special IdP setting at University of Geneva

“Since February 25, 2021, the approximately 36,000 members of the University of Geneva have been able to use SWITCH edu-ID for all federated web services. The situation turned out to be somewhat more complex in Geneva than at other universities, because nowhere else was the local Shibboleth IdP used as extensively as here: All authentication – external and internal – went through this one identity provider. With the use of SWITCH edu-ID’s central IdP, this type of single sign-on was no longer possible. It was therefore necessary to weigh up the advantages and disadvantages and ensure that operation with external authentication would continue to function smoothly and in compliance with data protection requirements. Various questions led to answers, which SWITCH was able to make available to other universities in the form of legal FAQs.

Convincing advantages

In the end, the following points tipped the scales in favor of the migration: The possibility of standardizing the registration process in the medium term and the user-centric approach of SWITCH edu-ID, which allows lifelong use of services from different universities with one account.


SPNEGO (Kerberos) authentication with SWITCH edu-ID

Back in 2016, Daniel Lutz showed how the Shibboleth IdP can offer a real SSO feeling by reusing an already existing authentication token on domain-joined Windows clients. SWITCH has now extended this concept in order to offer it to all organisations that have migrated to the SWITCH edu-ID.

Looking back and forward (follow-up discussion)

As in 2020, we organized the TRID WG meeting and SWITCH edu-ID update event as an online meeting because of the COVID restrictions.
Nevertheless, around 70 members from different organisations decided to participate, which of course makes us very happy.
Highlights were the guest contributions by Pierre Deshayes about the migration experiences at University of Geneva and Manne Miettinen about the edu-ID initiatives in Finland. You can find the corresponding slides here.

Follow-Up Discussions

Many questions were asked, ideas were proposed and there was a lively exchange, which we would now like to deepen in follow-up discussions.
The first of these meetings will be held on June 23, 16:00-16:45. Then we will be happy to discuss “Authentication Methods: New methods? Parameter tuning” – the topic rated as the most important at the event.
If you would like to participate please register here.

We will communicate further follow-up discussion topics and meeting dates via this mailing-list and our website.