SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.


Leave a comment

BFH goes edu-ID

Monday, August the 3rd, 2020: The day starts with a big bang. Early in the morning, the engineers at SWITCH “flip the switch” (pun intended) and Berner Fachhochschule (BFH) has gone edu-ID.

Philippe Seewer, IT software engineer / IT architect at BFH, gives an insight into the preparatory work at BFH:

Significant changes are tough

Well, to be honest, it is probably more a loud pop than the proverbial start of the universe. Still, it is a change that affects pretty much everyone in our organization. For a long time, almost all publicly accessible non-Microsoft resources have used SWITCHaai as the method of choice for authentication. Among these is our own Moodle server – today an essential service for all courses. No access to Moodle does not necessarily mean classes would shut down, but it would undoubtedly be a lot harder.

Accordingly, we selected August for the switch on purpose. Although the bachelor/master semester start is a few weeks off, research and continuing education courses take place. However, since it is a bit quieter than other times of the year, this gives us at IT-Services the necessary time to implement significant changes.
Continue reading


Leave a comment

A fast track to edu-ID for PHZH

End of June 2020 PH Zurich has adopted SWITCH edu-ID.

Pascal Schmitt, team leader webcenter PH Zurich about this experience:

“With regard to the future library system solution SLSP, PH Zurich has decided to push the changeover from SWITCHaai to SWITCH edu-ID.

After the first technical workshop with SWITCH, it soon became clear that we would opt for a loose integration of edu-ID (linking after admission scenario) and that this would mean an easily manageable effort for us to implement the necessary changes.
A central identity management system was already in place at PH Zurich and it was only a matter of

  • connecting the affected edu-ID identifiers with the account information of the PH Zurich and to
  • extend some processes.

However, there was a challenge that we did not see from the beginning: In order to ensure compatibility with SWITCHaai – specifically that service providers already using SWITCHaai recognize a person even after the adoption of edu-ID – the former AAI ID must be written into the affiliation itself. This has to be taken into consideration when building a so-called linking service.

The tests ran all perfectly and the switch was made in no time.
Only 4 months passed from the decision to implement SWITCH edu-ID to the actual conversion. This fast changeover was also possible thanks to the good and timely support by SWITCH.”

Links:


Ensure secure SWITCHaai login: Turning off outdated security protocols

The TLS protocol secures the communication between a user’s web browser and a server running a web application. The user recognises a secured communication by the lock visualised in the web browser or the https prefix in a link.
The security protocols TLSv1.0 and TLSv1.1 are outdated and no longer rated as secure. Therefore, web server administrators should plan to properly protect their services by updating their web server configuration to require at least TLSv1.2.
To apply this security improvement to SWITCHaai including SWITCH edu-ID, SWITCH announces the upgrade in two phases.

Continue reading


TRID WG Meeting & SWITCH edu-ID Update Event: Look back and forth

This was the first time we could not meet in person at Berne. But still it was a very inspiring occasion for us to come together via SWITCHinteract on May 20.
Around 50 members of universities and related organisations have participated in this three hours online meeting with a very dense programme which illuminated various aspects of SWITCH edu-ID.

Our first keynote speaker Stéphane Recrosio (UNIFR) has provided insights about the adoption of SWITCH edu-ID at the university of Fribourg like planning, communication, support and do’s and don’ts as a result of the experience gained.

While the second keynote speaker Maarten Kremers (SURFnet) talked about the implementation of eduID in the Netherlands it became obvious that similarities to SWITCH edu-ID are probably not purely coincidental.

Beside those two presentations many topics could only be touched upon briefly due to the shortened programme duration, like SLSP status, Kerberos/SPNEGO, Office365, technical accounts, duplication handling, re-use of email addresses, small organisations, service description, eduroam.ch, edu-ID roadmap or AAI and PKI news.
The complete presentations are available here.

The current list of universities adopting SWITCH edu-ID is published on the SWITCH edu-ID website. Only 4 time slots are are still available in 2020.

We hope to see you again in person at Berne during the next Trust & Identity Working Group Meeting and SWITCH edu-ID Update event on May 19 May 26 2021 – please save the date!


The very last call for funding!

Update 6 May 2020/cg: Due to shifted priorities in the course of the COVID-19 pandemic, SWITCH decided to add an additional call for participation. This article – originally published in February 2020 – is now being republished with new timing information.

The Swiss edu-ID project has been running since 2014 and comprises several phases. The last phase starts in May July 2020 and is expected to last until the end of 2020 (Deployment Step 4.23).

In this phase, universities can again submit project applications for planning & migration to SWITCH edu-ID.

LAST OPPORTUNITY TO APPLY FOR FEDERAL FUNDING, which will be made available by swissuniversities within the framework of the P-5 programme.
DEADLINE FOR SUBMITTING APPLICATIONS IS 31 MARCH May 2020.

Eligible to apply are recognised universities which have already started planning work (regardless of whether this work has been completed so far or not).
The application should be made using the sub-project application form.
In the case of a migration project, the application is supplemented by a brief description of the scenarios and the procedure.
If you have any questions and in order to obtain the appropriate template, please contact eduid@switch.ch.

In the meantime, six universities and two other organisations have switched to SWITCH edu-ID. Various universities are already planning to switch from AAI to SWITCH edu-ID in 2020. Interested institutions should therefore announce their plans as soon as possible, so that SWITCH can coordinate the preparatory work and changeover date with them.


1 Comment

Behind the Scenes of SLSP and SWITCH

As we have announced in our blog post “SWITCH edu-ID as door opener for libraries”, SLSP officially launches its new library service in December 2020, which relies on SWITCH edu-ID for user authentication and user management. With several hundred thousand expected users it is likely that the SLSP service will become one of the most widely used services with edu-ID/AAI in Switzerland. Therefore, the SWITCH edu-ID team is actively supporting the SLSP colleagues to optimally integrate it with edu-ID.
In this blog post we describe a few technical details and extensions that the edu-ID team implemented with and for SLSP. Last but not least, there is also a hint on what organisations can do to facilitate access to the SLSP service for their users.

Continue reading


1 Comment

Update to the TRID WG Meeting / SWITCH edu-ID Update Event 2020

The Trust & Identity WG Meeting combined with the SWITCH edu-ID Update Event on Wed 20 May 2020

Registration is open until Friday, 8 May 2020 and mandatory (only registered users and accepted guests may enter the meeting room).

The event is aimed at the following target groups: IdP and SP Administrators, Home Org Administrators, RRA & Attribute Policy Administrators, IdP hosting customers and IT staff with interest in Microsoft / Office 365  for both – Swiss universities that still use SWITCHaai and those that have already switched over to SWITCH edu-ID.


What’s the SWITCH Trust & Identity WG?
The SWITCH Trust & Identity WG comprises representatives of all SWITCHaai Participants and SWITCHpki Participants in the SWITCH Community and the Extended SWITCH Community.
This group is informally involved with the further development of SWITCHaai/edu-ID and SWITCHpki and has the opportunity to provide feedback if there are questions or changes upcoming.


1 Comment

SWITCH edu-ID as door opener for libraries

In December 2020, the Swiss Library Service Platform SLSP goes live[1] after six years of preparation.
From then on, library users will use their SWITCH edu-ID account to register with their research libraries and catalogues. This is expected to affect between 0.5 and 1 million users – especially all Swiss university members.

Thomas_Marty_web

Thomas Marty (director SLSP)

“In today’s knowledge society, unrestricted and timely access to scientific information is of great importance. By guaranteeing access to diverse information resources, academic libraries play a central role in research and teaching at universities, but also in the lifelong learning of the population. SLSP sees itself as a service provider for all academic libraries and contributes to establishing a seamless flow of information for the knowledge society”.

Continue reading


Trust & Identity WG Meeting / SWITCH edu-ID Update Event 2020

SWITCH invites you on Wed, 20 May 2020 to the 3rd Trust & Identity WG Meeting combined with the SWITCH edu-ID Update Event in Berne – or if the specific situation persists online instead.

Registration is open until Friday, 8 May 2020 and required for logistical reasons.
Refer to the registration page for the preliminary schedule and meeting topics.

In case of presence we have foreseen to hold the program between 10:15 and 15:40.
If the event must take place online, we will shorten the program and run from 9-12, including a break.

The event is aimed at the following target groups: IdP and SP Administrators, Home Org Administrators, RRA & Attribute Policy Administrators, IdP hosting customers and IT staff with interest in Microsoft / Office 365  for both – Swiss universities that still use SWITCHaai and those that have already switched over to SWITCH edu-ID.


What’s the SWITCH Trust & Identity WG?
The SWITCH Trust & Identity WG comprises representatives of all SWITCHaai Participants and SWITCHpki Participants in the SWITCH Community and the Extended SWITCH Community.
This group is informally involved with the further development of SWITCHaai/edu-ID and SWITCHpki and has the opportunity to provide feedback if there are questions or changes upcoming.


1 Comment

SWITCH edu-ID reaching 200’000 users

After reaching 100’000 accounts in March 2019, we were able to report 150’000 accounts eight months later. And today, I have the pleasure to announce that SWITCH edu-ID counts now over 200’000th accounts.

Of course, we intented to stick with our tradition to celebrate new landmarks with a cake featuring the number of accounts and a photo with the team behind the SWITCH edu-ID. The cake was already ordered… and if things went as planned, you would now find its picture in this post.

But we needed to bring our plans in line with the measures against COVID-19. Therefore, we had to cancel the cake and change the way the team photo was taken.

For the time being – and if we trust the figures published by the WHO – we can still claim that there are more confirmed identities in the SWITCH edu-ID than there are confirmed COVID-19 cases worldwide (184’975).


Semester starts at UNIFR with SWITCH edu-ID

The University of Fribourg (UNIFR) has also been working with SWITCH edu-ID since 28 January 2020.

Do not let yourself be locked out!

With a targeted campaign, the University of Fribourg persuaded around 90% of its users to link their accounts before switching over to SWITCH edu-ID:

 

Poster and website campaign / Number of linked accounts and times of email dispatch

Continue reading


ZHdK starts the year 2020 with SWITCH edu-ID

Right at the start of the year on 8 January 2020, the Zurich University of the Arts (ZHdK) switched over to SWITCH edu-ID.

Smooth changeover thanks to good preparation and a high ‘linking’ success rate

Technically, everything was threaded perfectly and the changeover of the IdP went off without a hitch. After initialization and planning in 2018, the work could be started at the beginning of 2019 with the development of the connector, followed by the setup of the linking service and the migration of the IdP. The fact that everything went so smoothly was partly due to the fact that a large number of users had linked their accounts in time for the migration:

Target group Target value
Success rate
Students 60 % 67.4 %
Lecturers 60 % 68.5 %
Midlevel faculty 70 % 83.1 %
Staff 70 % 79.1 %
Externes 0 % 5.3 %

The communication measures were very successful with all target groups.
These consisted of a post in the Rectorate newsletter, a poster at the helpdesk, multiple e-mails sent to people without a linked account (maximum of three follow-ups and a final e-mail to users of the three most frequently used services), a message in the Rectorate newsletter shortly before the changeover, and detailed instructions on how to create and link the edu-ID account. E-mails were sent to the different groups of people in a staggered manner. This meant that support before and after the changeover to SWITCH edu-ID was uncomplicated and that the work involved was predictable and manageable.

Continue reading


ZHAW has switched to edu-ID – with around 20,000 people!

The Zurich University of Applied Sciences (ZHAW) is using SWITCH edu-ID as replacement for the former AAI accounts and IdP since October 18. With currently around 20,000 persons with ZHAW affiliation, it is the largest university to date to use edu-ID.

Planning and reality

The ZHAW is one of the “Early Bird” universities that have already started planning the transition in 2017. The ZHAW coined the term “script cemetery” – a term for IdM processes that are based on many scripts difficult to maintain. The university therefore decided to replace its existing IdM. The edu-ID planning was part of this redesign project. Right from the start, the project manager succeeded in bringing all relevant stakeholders together at one table and also involving the departments where necessary, so that the migration plan was available in February 2018.
Continue reading


Applying for Medical School using SWITCH edu-ID

Anyone wishing to begin studying human medicine, dentistry, veterinary medicine or chiropractic must register online with swissuniversities.

Since this year, authentication is exclusively done with SWITCH edu-ID on the Medon registration platform. Thus Medon uses a unique feature that was introduced with edu-ID in the Swiss AAI federation: anyone can create an edu-ID account and use it in the context of academic services.

Continue reading