SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.


by Leave a comment

ZHAW has switched to edu-ID – with around 20,000 people!

The Zurich University of Applied Sciences (ZHAW) is using SWITCH edu-ID as replacement for the former AAI accounts and IdP since October 18. With currently around 20,000 persons with ZHAW affiliation, it is the largest university to date to use edu-ID.

Planning and reality

The ZHAW is one of the “Early Bird” universities that have already started planning the transition in 2017. The ZHAW coined the term “script cemetery” – a term for IdM processes that are based on many scripts difficult to maintain. The university therefore decided to replace its existing IdM. The edu-ID planning was part of this redesign project. Right from the start, the project manager succeeded in bringing all relevant stakeholders together at one table and also involving the departments where necessary, so that the migration plan was available in February 2018.
Continue reading


by Leave a comment

Applying for Medical School using SWITCH edu-ID

Anyone wishing to begin studying human medicine, dentistry, veterinary medicine or chiropractic must register online with swissuniversities.

Since this year, authentication is exclusively done with SWITCH edu-ID on the Medon registration platform. Thus Medon uses a unique feature that was introduced with edu-ID in the Swiss AAI federation: anyone can create an edu-ID account and use it in the context of academic services.

Continue reading


by Leave a comment

eduroam goes edu-ID

eduroam.ch launch, with cake

eduroam is the well known and widely used, worldwide high-performance wifi access service from GÉANT. Eduroam profiles for a large variety of end user devices are now also available on the eduroam.ch portal.

Today, on 1st December 2019, the eduroam.ch service enters its pilot phase. Within the four months to come, SWITCH will find out whether this enduser-friendly service actually responds to a need of the Universities or not. eduroam.ch uses your SWITCH edu-ID for authentication, and lets you download a profile for each of your devices in a user-friendly way. These profiles are somewhat special in that they solve a typical BYOD problem. Today’s profiles obtained by eduroam.ch won’t connect you to inner V-LANs, but only to a generic or “guest” V-LAN, as on any other Campus.

Two Universities joined the pilot already right at the beginning. Others, as well as further organisations like e.g. Alumni associations, may join during the whole pilot phase until 31. March 2020. Participation in the pilot is free, and Universities can use this service in parallel to their specific existing eduroam profiles and infrastructure.

Organisation wanting to join, contact us at eduroam-support@switch.ch. The same contact point answers also all further questions you may have about the service.


by

Secrets of the edu-ID passwords

Since a few months now, edu-ID users  can secure their account with multi-factor authentication (Two-Step Login). However, currently 99.5% of all edu-ID accounts still rely exclusively on username and password authentication. It is unlikely to quickly change soon in the near future, despite the death of the password has been announced time and time again. The password remains the easiest, best known and – in many cases – the cheapest authentication solution. Therefore, the edu-ID team invests a lot of effort into assisting users to choose a strong password and to store it securely. Continue reading


by

University of St. Gallen has adopted SWITCH edu-ID

On July 17 2019, the University of St. Gallen and SWITCH have flipped the switch.
From now on, members of the university will use SWITCH edu-ID accounts to access federated services.
Armin Schibli, Thomas Köppel and Thomas Mesaros drove the project forward and ensured the successful implementation in St. Gallen.

One of the early birds

The University of St Gallen was one of the first planning phase participants in 2017 and therefore, ready to start planning at a time when not all components of the SWITCH edu-ID service were available and no clear paths for adoption had been defined.
Nevertheless, the IT team was ready to accept the challenge and held intensive discussions with SWITCH and the local stakeholders to find the best suitable way to adopt SWITCH edu-ID. The result was what we internally call “the St. Galler model”.

Continue reading


by

NOT for university members only

FHNW e-media offering for teachers uses Shared Attribute API

In principle open

Openness is one of the promises made by SWITCH edu-ID. In recent years, universities have increasingly opened up to additional user groups such as continuing education students or MOOC participants. Cooperation with external parties is becoming increasingly important overall, be it with other universities, research institutions or partners from the private sector. Academic institutions are expanding their offerings, and not every person who makes use of university services has to become an official member of the university.

But that’s why you let everyone in?

However, most service providers do not simply want to blindly trust a self-declared identity that users bring with them (i.e. a “naked” edu-ID).
There are many reasons why one wants to protect applications and content from unauthorized access, e.g. to prevent data theft or manipulation or to comply with data protection or license regulations. And if abuse has taken place despite all precautions, one wants to be able to find out who one can hold liable for damages. Of course, this can be difficult with unchecked identities, even if the majority of users behave correctly and have provided the correct personal data for their digital identity. So is this a reason not to trust edu-ID identities?
Continue reading