The working group “Mobile App Support” has completed its final report.
The aims were to describe requirements of institutions/users, discuss ideas for better mobile support, evaluate existing solutions and options for pilot projects.
The report describes relevant mobile applications used/developed at the participating institutions, mentions possible benefits for mobile applications using Swiss edu-ID, identifies common mobile frameworks, lists general requirements and possible pilot candidates for Swiss edu-ID.
Support of mobile applications is a must but not a high priority on the roadmap of the Swiss edu-ID project. Only few applications could be identified as valuable pilots since many of the used mobile applications do not need authentication or have already realized local authentication solutions.
Some institutions focus on web applications that can be AAI-enabled, given that resources and expertise for native application development may be limited.
Most promising idea for a pilot is the one of a broker/authentication application supporting authentication for several mobile applications via Swiss edu-ID (comparable to social logins like Twitter accounts beeing used by other applications to authenticate users). An authentication app could also be used to authenticate at the same time against a mobile application and its server part (e.g. Moodle Mobile application and Moodle web server).
Those options will be investigated further by the eduhub Special Interest Group Mobile Learning.
The aims were to describe IdM related processes in detail, to describe interfaces and to identify pilot applications for the Swiss edu-ID.
Chapter 1: working group (members of ETHZ, FHNW, UNIBAS, UNIBE, UNIFR, UNIGE, UNIL, UZH, ZB have participated) and its goals.
Chapter 2: outcomes as IdM challenges, current institutional IdM environments, pilot options at institutions, expectations, requirements for Swiss edu-ID, risks, recommendations for the development and legal framework implications.
Chapter 3: institutional reports (not publicly available; only distributed to members of the SWITCH community on request).
We can briefly summarize the outcome of the WG as follows:
- Current systems at institutions are very robust but sometimes also heterogeneous.
Every institutional system landscape is unique. In common is the use of Active Directory (AD) and Lightweight Directory Access Protocol (LDAP).
- The following features should be implemented as soon as possible:
- Interfaces/API for integration of Swiss edu-ID into existing local applications (e.g. Self-registration)
- Verification of identity (support of different assurance/trust levels)
- Identification of inactive users
- Support attribution of access rights (with specific attributes -> basic roles)
- Duplicate checks etc. to grant Uniqueness of Identity
- Put legal framework and governance model (including audits) in place
- Binding rules & process for changes of core attributes (as name, based on role)
- Validation rules (accepted and controlled)
- Attribute history (time-stamps already implemented)
- Pilot options have been detected for
- self-registration processes (future students, guests, continuing education participants)
- access to applications for former institutional members (e.g. e-portfolio, SWITCHdrive, career center or Alumni organization services),
- additional verification of identities/use of trust levels (libraries)
- also pilot ideas for tests with Attribute Authorities within the new infrastructure and handling of new attributes (e.g. diploma information, learning batches etc.) should be developed further.