Month: February 2015

The development of the Swiss edu-ID v1.0 is now completed and a thorough testing phase is started.

The test phase is restricted to SWITCH staff. A larger public will be able to use the Swiss edu-ID after it’s release on March 1st 2015.

The first Swiss edu-ID working group has completed its report. The aims were to determine the relevance of the ORCID identifier for libraries, unversities and publishers and to identify pilot applications for the Swiss edu-ID.

Chapter 1 summarizes the relevance of ORCID for the institutions who participated in the working group (ETHZ, MDPI, SNF, UniBE, UniGE, UZH, ZB) while chapter 2 describes ORCID in more detail and compares it with other relevant identifiers. Chapter 3 describes in detail the ORCID-related plans and thoughts of the participating institutions. Chapter 3 will not be publicly available and is only distributed to members of the SWITCH community on request.

We can briefly summarize the outcome of the WG as follows:

• ORCID is percieved as a promising initiative with broad support from academic institutions, libraries and publishers world-wide
• Only a small fraction of researchers and authors actively use their ORCIDs in publications, and it is estimated that ORCID will be accepted only slowly.
• About one third of the WG participant’s institutions have concrete plans to use ORCID in their systems, about one third have made their first steps and the last third does not have plans to use ORCID.
• A verified ORCID attribute is estimated to be a valuable addition to the Swiss edu-ID attribute set.

The public version of the ORCID report is available for download in the documents section.

Today, SWITCH hast submitted a follow-up project (phase II) to the current Swiss edu-ID project which is running until end of July 2015. The aims of phase II are

• successful operation of Swiss edu-ID v1.0 and its use cases from phase I
• implementing the Swiss edu-ID v2.0 service with the main new features
  • connecting the Swiss edu-ID platform to institutions to enable attribute exchange
  • support for authentication protocols beyond SAML that allow for mobile integration
• continue the successful involvement of the community in working groups and through information events

The project proposal is now under review at swissuniversities. A decision of the program committee is expected in July 2015.

Project Abstract

New national services being developed within the frame of the CUS P-2 project will in almost all cases require reliable identity and access management (IAM). The Swiss edu-ID addresses that need, by providing a comprehensive IAM service framework to all relevant players: universities, individuals and service providers.

The SWITCHaai is a well-established IAM solution for the Swiss universities that places identity management under the responsibility of the participating universities and allows for effective resource sharing across organisational borders. However, this approach has several drawbacks:

• University members with multiple roles or jobs are assigned multiple electronic identities, which need to be managed individually.
• Individuals lose their electronic identity when they change role or affiliation and are unable to recover the same identity if it is needed at a later date.
• Individuals collaborating with universities, but without a strong affiliation with one of those universities are not issued such an organisation-centric identity. Almost all resources need to manage this potentially large user group without SWITCHaai support.
• The existing SWITCHaai service is not perceived to support mobile and other non-web environments adequately.

The Swiss edu-ID is addressing those shortcomings. It does it by building on the very successful SWITCHaai, but changing/extending it in several ways. In the predecessor project “Swiss edu-ID” the basis for a successful continuation was set by completing the Swiss edu-ID high-level architecture, by implementing Swiss edu-ID V0.5 with a new set attributes, and by conducting a market overview of access management platforms. The first important change is delivered by the Swiss edu-ID v1.0 service:

• All individuals collaborating with our community can get a Swiss edu-ID identity, regardless of whether a user is currently affiliated with an organisation in our community or not.

The project „Swiss edu-ID Phase II“ described in this proposal will implement the Swiss edu-ID v2.0 service with those two additional features:

• The Swiss edu-ID will carry up to date information about roles and affiliations within the academic community. This information will be provided by those member organisations themselves.
• The Swiss edu-ID will support the most promising protocols for mobile integration.

Services wishing to make use of the functions offered by the “Swiss edu-ID” will receive consultancy services from the project, get access to the Swiss edu-ID service and the project will seek ways to support use cases needing adaptations or extensions to the existing services. Specific integration work at the user side, however, is not within scope and should be provided by the respective user service. Project management will take appropriate steps to evaluate requests for functional extensions within the governance structures.

In November 2014 SWITCH has carried out a Request for Information (RFI) to gain a market overview of IAM frameworks that match the requirements of the Swiss edu-ID project. A total of 11 companies have handed in one or two solution proposals. Five companies were invited in Dec ’14 to personally present their proposal.

The principal findings of the RFI are:

1. The building blocks access management (AM) and identity management (IdM) have to be evaluated seperately. It is advisable for the Swiss edu-ID project to first select the appropriate AM framework.
2. For the AM framework the two most promising alternatives are
   • Build the Swiss edu-ID on the current (SWITCHaai) Shibboleth infrastructure, and extend Shibboleth to support new AM-protocols. On this natural evolution path, it is easier to provide compatibility with SWITCHaai.
   • Build the Swiss edu-ID on the commercial open-source product ForgeRock. This ia a disruptive approach with would allow to take advantage from a bunch of new funcionalities of a new product.

The details of the RFI results are documented in the following reports, which can also be found in the documents section:

• RFI procedure and results: of the Swiss edu-ID project team. This is the public version without details about the participating vendors and their products. A confidential full version is available for SWITCH community members on request.
• Swiss edu-ID with Shibboleth: a comparison of Prof. Gerhard Hassenstein of Sibboleth and commercial AM solutions

The next steps are to pilot the two alternative AM approaches (Shibboleth vs. ForgeRock) and choose one of them until summer this year. Once the AM platform has been chosen, SWITCH plans to conduct a RFP for a complete IAM solution that includes the AM and IdM building blocks.