Swiss edu-ID Deployment: Next Steps

Project for Deployment Step 2 in 2018/19 submitted

Within this next project phase – once approved by swissuniversities – the first three universities will implement SWITCH edu-ID:

  • Université de Lausanne
  • Universität St. Gallen
  • Zürcher Hochschule für Angewandte Wissenschaften.

They developed their individual integration plans during 2017 (Deployment Step 1). Like the other four participating universities, they contributed considerably to elaborating and sharpening adoption scenarios for linking new and current members and for managing affiliations.

Eleven universities will start implementation planning: Berner Fachhochschule, FernUni, Fachhochschule St. Gallen, Haute école spécialisée de Suisse occidentale, Hochschule Luzern, Hochschule für Technik und Wirtschaft Chur (HTW Chur), Pädagogische Hochschule Bern, Pädagogische Hochschule Schwyz (PHSZ), Université de Neuchâtel and Zürcher Hochschule der Künste.

Last August there wasn’t an opportunity for a project submission. Subsequently, four universities decided to start planning in early 2018 without funding: Interstaatliche Hochschule für Technik Buchs (NTB), Universität Bern (UNIBE), Universität Luzern (UNILU) and Pädagogische Hochschule Zug (PHZG).
For some smaller universities with streamlined identity management and concise processes, it should be possible to integrate SWITCH edu-ID already in 2018, right after they have finished their planning. This could be the case for UNILU, PHZG and PHSZ, which have in mind to integrate SWITCH edu-ID this year (but since planning has to be done first we wouldn’t make any promises here…).

Extend functionality

Besides the planning and integration activities, a huge part of the project is dedicated to functional extensions. Some of them also require the participation of partners in pilots and/or testing:

  1. Extending Group Management Functionality
    • design of group management architecture (VHO replacement, central edu-ID GM, external partner GM)
    • evaluation of technical solutions
    • presentation of concept & request for participation of external partners
    • definition of service environment (API specifications, data, attribute standards, support processes)
    • pilots for VHO and edu-ID GM (one with an external partner)
  2. Microsoft Integration
    • SPNEGO AuthN: PoC, implementation, testing with partner, service
    • AuthN & AuthZ with on-premises AD Services: concept
    • AuthN & AuthZ with Azure Cloud Services: concept
  3. Multi-Factor Authentication (MFA)
    • evaluation of MFA backend (SMS-TAN, TOTP and a recovery/backup method)
    • pilot
    • clarification of MFA policy (responsibilities, validity, quality, usability)
    • implementation (SMS-TAN), documentation, support
    • addition of TOTP
  4. eduroam
    • definition of access policy (members, partners, guests etc.)
    • setup of service conditions and environment (support, documentation, tariff)
    • extension of end-user interface (configuration for various devices)
  5. User Interface for Organisational Administrators
    • prioritization of functions and processes to be supported
    • conceptual design for organisational administrator’s environment
    • design (or selection) of technical framework
    • implementation of top priority processes
    • testing with partners (migrating to edu-ID)
  6. OpenID Connect (OIDC)
    • specification of OIDC support for edu-ID
    • pilot service (as soon as OIDC and OIDCfed are available in Shibboleth)
    • testing with partners (using mobile applications (AppAuth) and web applications (OIDC))

Next steps

Until Deployment Step 2.2 can hopefully start in August, we will complete the work of Deployment Step 1 (extension) and start the workshops with NTB, UNIBE, UNILU and PHZG.

As part of a mandate, swissuniversities has approved funding for usability testing performed by HTW Chur and HES-SO Genève for the Swiss edu-ID project. This support is very welcome, since the creation of an account might be a hurdle for users and transparency is often contradictory to user-friendliness.

Not all universities that started in 2017 have finished their planning yet. Two of them have IdM implementation projects running that have to be finished first (both are expected to participate in the next call), one is waiting for legal advice, and for one university the replacement of the local IdP would be a bigger challenge.

The next opportunity for project submission will be mid August 2018 – don’t miss it!
