The E-ID of Switzerland is currently being shaped and formed with interested parties contributing to this process on the community platform of the Swiss federal authorities. As research and education are border-less Switch took a stand to point out the importance of the E-ID to stay in line with international developments. Particularly relevant is the emerging eID of the EU and the Trust Services of EBSI (European Blockchain Services Infrastructure) as a potential trust pillar underpinning it.
But where does our identity solution Switch edu-ID together with its international extension eduGAIN of GÉANT fit into this picture, if at all?
This is what we wanted to find out in our contribution to the third wave of the EBSI Early Adopters Programme during 2023 and beginning of 2024. The cluster “Educational ID” of the programme, where Switch was participating, was to demonstrate support for student mobility in Europe using EBSI Trust Services. The results of the programme were presented at the EBSI Ecosystem Day 7 May 2024 in Brussels.
This cluster demonstrated the ability for a student to get an “Educational ID” from a Spanish university delivered in her wallet and to present it to a university in Romania. To make this work, two somewhat hidden but important infrastructure elements were implemented during the course of the project. And this is where the link to Switch edu-ID and eduGAIN appears:
- The data format, or schema, of the “Educational ID” was shaped in a short consultation with members of the GÉANT community to align it as much as possible with the existing attributes in use in eduGAIN.
- GÉANT was added to the project’s trust registry as a so-called Root-TAO (Trusted Accreditation Organisation). This means that GÉANT got registered as trust anchor for this newly created “Educational ID” to assume governance control over it.
Why do we consider these points so relevant?
First, we need to point out that the emerging E-ID/eID ecosystems are not based on the same standards, protocols and tools driving our existing Switch edu-ID and eduGAIN. Adoption or interoperability with these new ecosystems will therefore require some work for us. But let’s remind that we overcame such obstacles in the past several times already and are currently in a transition from SAML to OIDC as underlying protocol. In all these transitions, we tried as much as possible to keep one element stable: the data transported from those issuing it to those consuming it. Student management systems, for instance, should not be affected by changes in the transport mechanisms for the data they provide. This is the investment we want to protect. We could convince EBSI not to impose the eID standards on the “Educational ID” – which would have been their natural choice – but to follow the established practice of eduGAIN. This is good news for all systems already interacting with the Switch edu-ID or eduGAIN.
Now let’s have a look at how to make the “Educational ID” trustworthy. We do have processes in place to make organisations become member or partner of the Switch edu-ID federation and to define their status in the international “federation of federations” through eduGAIN. EBSI initially proposed their standard top-down approach: a trusted path from the EBSI trust root to EU member states first, then to national accreditation bodies and finally enabling universities to issue their “Educational ID”. We could convince EBSI not to take this bureaucratic approach, but to rely on the existing trust framework established by GÉANT governing eduGAIN at global scale. This is good news again for all organisations already participating in the Switch edu-ID federation or in eduGAIN.
We mentioned above that research and education are border-less. That applies not just to the borders of Switzerland or those of the EU. And, by the way, we helped EBSI to recognise scaling options beyond the borders of the EU and the EEA.