SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.

NOT for university members only

FHNW e-media offering for teachers uses Shared Attribute API

In principle open

Openness is one of the promises made by SWITCH edu-ID. In recent years, universities have increasingly opened up to additional user groups such as continuing education students or MOOC participants. Cooperation with external parties is becoming increasingly important overall, be it with other universities, research institutions or partners from the private sector. Academic institutions are expanding their offerings, and not every person who makes use of university services has to become an official member of the university.

But that’s why you let everyone in?

However, most service providers do not simply want to blindly trust a self-declared identity that users bring with them (i.e. a “naked” edu-ID).
There are many reasons why one wants to protect applications and content from unauthorized access, e.g. to prevent data theft or manipulation or to comply with data protection or license regulations. And if abuse has taken place despite all precautions, one wants to be able to find out who one can hold liable for damages. Of course, this can be difficult with unchecked identities, even if the majority of users behave correctly and have provided the correct personal data for their digital identity. So is this a reason not to trust edu-ID identities?

Trust look who!

For online registrations at universities, persons can usually register without checking their personal details, which simplifies registration.

At the beginning of the relationship with the university, usually only the contact by e-mail must be secured. A verification of personal data, e.g. by means of an identity card, will only take place later.

The fact that verification of individual attributes is possible at any time for SWITCH edu-ID was first used by national licences (cf. blog article). Only after the Swiss residency has been verified private individuals can use the service and gain access to content from various publishers via a library.

This can be done by checking the mobile phone number via the code sent and/or the residential address via a code sent by letter post. This ensures that only authorised persons have access to the specially licensed content.

Are you a teacher?

Teachers today usually have completed a course of study at a teacher training college. Once in their working life, they are no longer members of the universities and they no longer own an AAI account. However, many teachers regularly attend further education courses at their alma mater, which means that they are actually well-known “returnees”.
Since the University of Applied Sciences of Northwestern Switzerland (FHNW) already allows registrations via edu-ID, it was obvious that teachers who currently no longer have a relationship with the university should also be able to access a new offer via an edu-ID account. Specifically, this is the e-media for teachers in the Canton of Aargau. The FHNW was keen to offer a forward-looking digital solution that would eliminate the need to physically visit one of its libraries.

After evaluating several alternatives, the decision was to use SWITCH edu-ID and Hidden Automatic Navigator HAN, as this did not place any technical demands on providers and publishers, statistical evaluation was possible, the solution was more cost-effective than with OCLC, synergy effects with other university services and national licences could be realised using SWITCH edu-ID and the use of e-resources could easily be limited to one year.

Teachers can find information on how to get started on this page. It will take you to the registration page:

But how do you concretely prove to this service that you are a teacher?

Although there are printed ID cards and an application in the canton of Aargau that contains the necessary master data for teachers, access to this data is not possible for external applications and corresponding attributes are currently not available.

Since electronic data reconciliation is not available as an option, the only way is a manual check carried out by the Brugg-Windisch Library on the basis of the additional data stored by users at registration.

If the check is positive, the FHNW issues an “e-script” entitlement to the person:

This information is stored in the edu-ID account and transmitted when accessing the service, so that users are recognised as authorised persons. The attribute is valid for one year. After that, the authorisation must be checked again, as is the case with national licences.

In this way, around 500 teachers can gain access to the service. 100 have already registered. The FHNW is currently considering extending this offer to the other FHNW cantons.

Entitlements can generally be issued automatically (e.g. on the basis of verification). If teachers could directly receive a corresponding attribute, e.g. as part of their affiliation or a former affiliation as a member of a teacher training college would be sufficient for the entitlement, a manual check could possibly become superfluous in the future.

The technical description of the “Shared Attribute API“, explains how to exchange additional attributes (such as entitlements or group memberships) in SWITCH edu-ID.

Contacts at FHNW:

  • Technical implementation with HAN server: Markus Obrist
  • E-Media access: Charlotte Frauchiger

 

Comments are closed.