Swiss edu-ID Deployment 2017 – 2020

Project for Deployment Step 1 in 2017 submitted

SWITCH has meanwhile submitted to swissuniversities, together with 7 institutions, a project proposal for the deployment of Swiss edu-ID during 2017. The participating universities EPFL, FHNW, UNIFR, UNIGE, UNIL, UNISG and ZHAW intend to analyse their options so as to gain the greatest benefit from Swiss edu-ID and to choose an appropriate way of integrating it into their systems and processes.

[Figure: Planned deployment steps 2017-2020 with entry points for universities]

Develop an individual migration plan first

The migration is a required step for all organizations served by SWITCHaai to unleash the full potential of Swiss edu-ID. Swiss edu-ID offers more interfaces to and from the systems of the Swiss edu-ID participants. A cooperative identity management approach might therefore deliver additional value by being more efficient and by covering additional identity management use cases, e.g., by triggering specific identity management workflows at connected sites. Institutions have to evaluate such opportunities in relation to their general system development and their migration plans.
But planning is only the first step for an organisation. SWITCH intends to submit follow-up projects in the upcoming years (2017-2020). This approach allows universities to find a suitable entry point to start preparation and afterwards the migration to Swiss edu-ID.

[Figure: Project plan 2017 (simplified)]

SWITCH will provide generalised findings of all migration plans from this project to ease individual migration planning steps for organizations following later.

Improve functionality continuously

Whereas the organisational “Migration Strategy” work packages are foreseen for planning future organisational migrations to Swiss edu-ID, the “Functional Upgrade” work packages extend the features of Swiss edu-ID in line with stakeholder requirements. They cover identifying or piloting measures that deliver additional benefits, carried out by a subset of the partners, and implementing prioritized features that require additional effort to be deployed for organisational migrations. Those work packages are:

  • Support for usage of AHVN13: Analysis of current usage, legal implications and technical approaches, description of solution (FHNW & SWITCH)
  • Privacy and Data Security: Analysis of restrictions for storage and exchange, of technical methods, and description of processes to grant data economy and legal accuracy (EPFL & SWITCH)
  • Uniqueness: Implementation of duplicate prevention (on the fly and in batch mode) and resolution process involving end users
  • Credential Management: Comparison of password policies, implementation of harmonization framework, user workflows for password selection and second factor
  • 3rd Party Vetting: Implementation of vetting mechanisms for increasing quality of name attributes and passport number by 3rd parties
  • Group Management: Allow management of arbitrary flat groups defined by end users (with Grouper), delivery of an affiliation attribute and integration with an attribute provider mechanism

Further components as well as organisational migrations should be included in subsequent applications for the following deployment steps in 2018-2020.