The aims were to describe IdM-related processes in detail, to describe interfaces, and to identify pilot applications for the Swiss edu-ID.
Chapter 1: working group (members of ETHZ, FHNW, UNIBAS, UNIBE, UNIFR, UNIGE, UNIL, UZH, ZB participated) and its goals.
Chapter 2: outcomes as IdM challenges, current institutional IdM environments, pilot options at institutions, expectations, requirements for Swiss edu-ID, risks, recommendations for the development and legal framework implications.
Chapter 3: institutional reports (not publicly available; only distributed to members of the SWITCH community on request).
We can briefly summarize the outcome of the WG as follows:
- Current systems at institutions are very robust but sometimes also heterogeneous.
  Every institutional system landscape is unique. What they have in common is the use of Active Directory (AD) and Lightweight Directory Access Protocol (LDAP).
- The following features should be implemented as soon as possible:
- Interfaces/API for integration of Swiss edu-ID into existing local applications (e.g. self-registration)
- Verification of identity (support of different assurance/trust levels)
- Identification of inactive users
- Support attribution of access rights (with specific attributes -> basic roles)
- Duplicate checks etc. to guarantee uniqueness of identity
- Put legal framework and governance model (including audits) in place
- Binding rules & process for changes of core attributes (such as name, based on role)
- Validation rules (accepted and controlled)
- Attribute history (time-stamps already implemented)
- Pilot options have been identified for
  - self-registration processes (future students, guests, continuing education participants)
  - access to applications for former institutional members (e.g. e-portfolio, SWITCHdrive, career center or Alumni organization services)
  - additional verification of identities/use of trust levels (libraries)
- Pilot ideas for tests with Attribute Authorities within the new infrastructure and for handling of new attributes (e.g. diploma information, learning batches etc.) should also be developed further.