SWITCHaai Transition to Shibboleth Identity Provider v3 is 80% complete

Back in May 2015, the Shibboleth Consortium announced July 31st 2016 as end-of-life date for the IdPv2 code base. A redesigned IdPv3.1.1 is available since March 2015. One month later, SWITCH announced the initial version of the SWITCHaai specific IdPv3 installation guide. In June and September 2015, SWITCH offered well-attended IdP training courses [4] on how to configure IdPv3. Since then, the number of IdPv3 installations has gradually increased to the 80% level it reached just at the beginning of the autumn semester 2016.

The vast majority of the IdP administrators have installed, configured, tested and finally integrated the new version into their production environment. A big thank you to all of them that they gave their time to upgrade. Many administrators provided us valuable feedback on the IdP installation guide so that we could continuously improve it over time.
Several organizations decided to adopt the IdP Hosting service SWITCH offers instead of upgrading their own local installation. Today, SWITCH runs 17 production IdPs on our IdP hosting platform, including the ones for Swiss edu-ID, the Virtual Home Organization (VHO) and the IdP for the SWITCH staff members.

From about half of the remaining eleven IdPv2 instances we know that they will migrate to IdPv3 in the next few weeks. So hopefully by the end of 2016 almost everyone will have completed the transition.

The US InCommon Federation from time to time analyses the metadata of the eduGAIN interfederation service and publishes an interesting statistic on how many of the interfederation enabled IdPs are based on the Shibboleth open source software and run on IdPv3 or still on IdPv2. These numbers show that the percentage of IdPv3 in SWITCHaai is pretty high compared with most other federations listed.


Verify your Private Postal Address

The Swiss edu-ID is a user-centric identity. This means that the identity is managed by its owner who directly provides many pieces of identity information in the personal profile.

But can a user be trusted? Will users provide correct personal information for their Swiss edu-ID?

Although users rarely have a interest in providing wrong personal information about themselves, the answer to the above question is no. For this reason, Swiss edu-ID has implemented various processes to verify user information. All email addresses and mobile phone numbers are directly verified when a user enters them in the personal profile.

As of today, users also can have their private postal address verified.

Unverified addresses are marked by a grey verification icon with red question mark

Screen Shot 2016-09-01 at 13.37.30.png

Klicking the green arrow starts the verification process. A few days later, the user will receive a letter (yes – a real one on paper!) at the specified postal address with an activation code. After the user has entered the code in the Swiss edu-ID profile the address is verified. This is reflected with a golden verification icon in the profile

Screen Shot 2016-09-01 at 13.42.31.png

The first service relying on this new feature is the  National Licenses project of the Consortium of Swiss Academic Libraries. Their aim is to give private individuals access to scientific publications. The publishers of scientific publications require some sort of proof of a user, that he/she is living in Switzerland. By relying on the verifications done within the Swiss edu-ID the national licenses service does not have to implement its own verification processes.

Save