This week, the project Swiss edu-ID mobile App was started with its kickoff meeting in Zurich. All involved participating institutions were represented: HTW Chur (project lead), USI, FHNW and SWITCH.
While SWITCHaai is very well suited for web-based services, it has always been difficult to deal with services that are implemented as native applications on mobile devices. With Swiss edu-ID it is planned to also support authentication and authorization protocols for non web-based services. A good candidate is OpenID Connect, which is already used in existing mobile apps to authenticate users.
The Swiss edu-ID mobile App project goes one step further. One of its aims is to develop a central authentication app that is running on a user’s mobile device. It acts as a personal identity manager for other apps on the mobile device to connect to the SWITCH community’s academic services. Let’s take as an example a mobile flash card app. The user authenticates the gateway with it’s Swiss edu-ID, and gets a list of compatible academic services, that can provide flash card training data for this user. The user chooses the appropriate academic service and starts using the flash card app.
Here are the benefits of the Swiss edu-ID mobile App for the various stakeholders:
- for users: one central control dashboard on the mobile device, where access to personal data on academic services can be granted or revoked
- for app developers: a common intermediate layer that simplifies the development of the authentication process and gives access to services via standardized APIs
- for service operators: exposing their services and personal data to mobile devices in a fully secured environment
The project is funded by the federal programme SUC P-2 Scientific information: accessing, processing and saving, and is running until end of 2017.
Great News! I have some concerns: What is the idea of a centralized app if other apps can neither access the settings/data nor get notified about changes (Sandbox principle in iOS…)? Also User Experience of the login process/error handling is central for App developers, as Apps, implementing the standard, might otherwise be rejected by Apple (apps are for instance not allowed to jump to external space and back during login process).
(I’m posting this reply on behalf of Christian because of a login problem with wordpress. Rolf)
Hey Andrea, great that you like our little project. The idea of having a central authentication app is to give users more control about which apps they give what kind of access. You are correct that apps cannot access the sandboxed stores of other apps on iOS, but it does not mean that apps cannot exchange data – there are even APIs for this task, but they work slightly different than what you seem to have in mind. So you don’t need to worry that your apps might get rejected by Apple if you want to link to a Swiss academic service. We keep you posted with more news and details on the project, soon.
Christian