In 2017, seven universites have started planning their adoption of SWITCH edu-ID. Together with the edu-ID project team each university organized 2-4 workshops to elaborate an individual integration concept and to determine a time schedule for the transition.
It was no surprise to see that the IT landscape and identity management (IdM) processes of the universities are fairly different. Based on the workshops we were however able to identify and document a few major categories which may serve as source of ideas for other universities.
From a technical point of view, three main tasks have to be accomplished to adopt SWITCH edu-ID at an organization:
One key question is how to register future members at the university. Users who already have an edu-ID identity will need to be linked to the newly created organizational identity. Users without edu-ID identity will create one during the registration procedure. As major categories, we have identified the three linking approaches before, at or after admission to the university.
A consequence of the adoption process is that the functions of the organizational SWITCHaai IdP are taken over by the edu-ID IdP. Hence, pure organizational SWITCHaai accounts cease to exist and have to be transformed into SWITCH edu-ID identities. To link existing university members to edu-ID identities we have developed the approaches to link members before, at, or after the deactivation of the organizational IdP.
It has become obvious from the upper two paragraphs that linking organizational identities to edu-ID identities is a key concept of SWITCH edu-ID. One reason for the linking is the possibility to exchange attributes of university members. Again, a university has several implementation choices. It can either push personal attributes to edu-ID when their value has changed, or it can provide a means for the edu-ID IdP to pull attributes when they are required.
The above listed adoption approaches may not be exhaustive. If new scenarios are developed in future workshops, we will add them to the list. In any case you should not hesitate to contact us to discuss possible transition scenarios for your university.