Leave a comment

Swiss edu-ID Deployment: Next Steps

Project for Deployment Step 2 in 2018/19 submitted

Within this next project phase – once approved by swissuniversities – the first three universities will implement SWITCH edu-ID:

  • Université de Lausanne
  • Universität St. Gallen
  • Zürcher Hochschule für Angewandte Wissenschaften.

They’ve developed their individual integration plan during 2017 (Deployment Step 1). As the other four participating universities they have considerably contributed to elaborate and sharpen adoption scenarios for linking of new and current members and for managing affiliations.

Eleven universities will start implementation planning: Berner Fachhochschule, FernUni, Fachhochschule St. Gallen, Haute école spécialisée de Suisse occidentale, Hochschule Luzern, Hochschule für Technik und Wirtschaft Chur (HTW Chur), Pädagogische Hochschule Bern, Pädagogische Hochschule Schwyz (PHSZ), Université de Neuchâtel and Zürcher Hochschule der Künste.

Continue reading


Leave a comment

The Transition of a University to edu-ID

In 2017, seven universites have started planning their adoption of SWITCH edu-ID. Together with the edu-ID project team each university organized 2-4 workshops to elaborate an individual integration concept and to determine a time schedule for the transition.

It was no surprise to see that the IT landscape and identity management (IdM) processes of the universities are fairly different. Based on the workshops we were however able to identify and document a few major categories which may serve as source of ideas for other universities.

Continue reading


Leave a comment

Trust & Identity WG Meeting: Register now

SWITCH invites you on Wed, 14 March 2018 to the 1st Trust & Identity WG Meeting in Berne.

The intended audience of this event are administrators of either an Identity Provider or Service Provider registered in SWITCHaai as well as the SWITCHpki registration authority operators. The participants will gain more insight into the technical details that support the seamless adoption of the SWITCH edu-ID service.

Registration is open until Wed, 7. March 2018 and required for logistical reasons. Refer to the registration page for the draft agenda and schedule.

Main topics

  • The new SWITCH edu-ID Service Description
  • An Organization adopts SWITCH edu-ID
  • Single digital identity and multiple affiliations
  • What happens when a current affiliation ends?
  • “SWITCH edu-ID behind the scenes”
  • Custom-tailor the SWITCH edu-ID service for your SP
  • Think about data protection
  • Secrets of the SWITCH edu-ID password
  • Interfederation Update
  • Single Logout
  • SWITCHpki News
  • SWITCH edu-ID Liaisons
  • SWITCH edu-ID Roadmap

What’s the SWITCH Trust & Identity WG?

The SWITCH Trust & Identity WG is a new forum in analogy to the well established SWITCH Network WG or the SWITCH Security WG, which you might have heard of before.
The newly formed Trust & Identity WG comprises representatives of all SWITCHaai Participants and SWITCHpki Participants in the SWITCH Community and the Extended SWITCH Community.
This group is informally involved with the further development of these two services and has the opportunity to provide feedback if there are questions or changes upcoming.

Relationship to other SWITCH events

  • The Trust & Identity WG Meeting replaces the earlier SWITCHaai update events.
  • The SWITCH edu-ID update event is planned for early summer and will focus on the migration projects and less on technical issues.


Leave a comment

Sending Users on the Right Path

In a previous blog post we presented how AAI Service Provider (SP) administrators can customize the edu-ID registration and login pages individually for their service. However, an SP administrator can not only brand the edu-ID pages with a custom logo or custom text but he can also influence the process itself used when users register, login or when they complete their account data. Examples of such process modifications are:

  • To send a user automatically to a specific URL after registration or login
  • To make a user first provide a specific verified or unverified attribute (e.g. mobile number or home postal address) and then send him back to the service

Both of these example scenarios have been used for instance by the Swissbib service for several months. Swissbib users sometimes have to provide a verified mobile number and/or postal address before they get access to national license content, which – by agreement – should be only available to residents of Switzerland.

So, how can an AAI SP administrator customize the edu-ID processes to implement the above and more scenarios? All that is needed is to send the user on the right path, or rather to the right URL. For all those not wanting to get familiar with the technical details of how these URLs have to be composed to achieve a certain process change, we have created a useful tool that makes the URL generation very easy: The edu-ID Login Link Composer.

Screenshot edu-ID Login Link Composer

Screenshot of edu-ID Login Link Composer

The edu-ID Login Link Composer consists of a form with several inputs that are used to generate a link which triggers the requested behaviour. The user then just has to be sent  to the generated URL to start the process.

Try out the edu-ID Login Link Composer with your own AAI service.


Leave a comment

SWITCH adopts edu-ID

Wait!? We all know that SWITCH develops edu-ID – so what does adopting edu-ID mean?

It is true that SWITCH as the operator of the AAI federation develops edu-ID. On the other hand, the organization SWITCH with its IdP is also a SWITCHaai Home Organization in the AAI federation. In this post we will describe how the organization SWITCH integrated edu-ID, allowing it to turn off its own IdP.

Continue reading


Identity Management Evolution

What does it take for a university to adopt the SWITCH edu-ID? This is the question SWITCH and seven partners (EPFL, FHNW, UNIFR, UNIGE, UNIL, UNISG and ZHAW) are addressing in the project “Swiss edu-ID Deployment Step 1” as part of swissuniversities’ program «Scientific information». The project advanced nicely and would justify an article on its own. But let’s draw your attention to an interesting side product of this project: we learned how electronic identities are managed in our community – and how the approaches are evolving over time and why.

Continue reading