SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.

Bye-bye Cloud ID – Welcome SWITCH edu-ID

About 27,000 people have got mailing from the SWITCH edu-ID team April 19:
Instead of their former Cloud ID account, SWITCH edu-ID would be used as from 1st May  2017 in order to access the services SWITCHdrive and SWITCHengines.

But how should the vast majority of those users, who did not already have a SWITCH edu-ID account, come to such an identity?

Changeover without effort for 98% of users

The usual way to generate a SWITCH edu-ID account is self-registration – this in line with the principle of user centrism. However, in this case the new accounts were generated automatically in order to spare users effort.
Users who have linked their SWITCH edu-ID account with their existing AAI account(s) have substantially facilitated proper account assignment and account aggregation during conversion. Continue reading

Swiss edu-ID Update Event 2017

Save the date: Thursday 29 June 2017

The focus is put this year on an update about the project Swiss edu-ID and the service SWITCH edu-ID, whose deployment starts in 2017.
Note that no SWITCHaai specific topics are foreseen.

The event will take place June 29 , 11:00 – 16:15, in Berne at UniS, Schanzeneckstrasse 1, room A-126.

Preliminary Programme:

11:00 – 12:00   SWITCH edu-ID for beginners (for people not already familiar with SWITCH edu-ID)

12:00 – 13:15   Arrival for afternoon participants and Lunch
(afternoon participants are warmly welcome to take lunch with us)

13:15 – 14:30   Pilots and current project status

14:30 – 14:55  Coffee break

14:55 – 16:15    Status Migration Strategies, roadmap and next steps

16:15                 End of event


Update 2016-06-01: Registration site with updated agenda

Swiss edu-ID Deployment 2017 – 2020

Project for Deployment Step 1 in 2017 submitted

Meanwhile SWITCH has submitted – together with 7 institutions – a project proposal for the deployment of Swiss edu-ID during 2017 to swissuniversities. The participating universities EPFL, FHNW, UNIFR, UNIGE, UNIL, UNISG and ZHAW intend to analyse their options in order to generate optimal benefit by the use of Swiss edu-ID and for choosing an appropriate way for the integration within their systems and processes.


Planned deployment steps 2017-2020 with entry points for universities

Develop an individual migration plan first

The migration is a required step for all organizations served by SWITCHaai to unleash the full potential of Swiss edu-ID. Swiss edu-ID offers more interfaces to and from the systems of the Swiss edu-ID participants. Therefore a cooperative identity management approach might deliver additional value by being more efficient and covering additional identity management use cases, e.g., by triggering specific identity management workflows at connected sites. Such opportunities have to be evaluated by institutions relating to their general system development and the migration plans.
But planning is only the first step for an organisation. SWITCH intends to submit follow-up projects in the upcoming years (2017-2020). This approach allows universities to find a suitable entry point to start preparation and afterwards the migration to Swiss edu-ID.


Project plan 2017 (simplified)

SWITCH will provide generalised findings of all migration plans from this project to ease individual migration planning steps for organizations following later.

Improve functionality continuously

Whereas organisational “Migration Strategy” work packages are foreseen for the planning of future organisational migrations to Swiss edu-ID, the “Functional Upgrade” work packages extend the features of the Swiss edu-ID in line with stakeholder requirements. They deal with identifying or piloting measures to deliver additional benefits carried out by a subset of the partners and with the implementation of prioritized features requiring additional effort to be deployed for organisational migrations. Thoas work packages are:

  • Support for usage of AHVN13: Analysis of current usage, legal implications and technical approaches, description of solution (FHNW & SWITCH)
  • Privacy and Data Security: Analysis of restrictions for storage and exchange, of technical methods, and description of processes to grant data economy and legal accuracy (EPFL & SWITCH)
  • Uniqueness: Implementation of duplicate prevention (on the fly and in batch mode) and resolution process involving end users
  • Credential Management: Comparison of password policies, implementation of harmonization framework, user workflows for password selection and second factor
  • 3rd Party Vetting: Implementation of vetting mechanisms for increasing quality of name attributes and passport number by 3rd parties
  • Group Management: Allow management of arbitrary flat groups defined by end users (with Grouper), delivery of an affiliation attribute and integration with an attribute provider mechanism

Further components as well as organisational migrations should be included in subsequent applications for the following deployment steps in 2018-2020.

Swiss edu-ID 2017 – 2020

SWITCH intends to fully deploy the Swiss edu-ID by the end of 2020, with almost all organisations migrated from SWITCHaai to Swiss edu-ID.
To this end, several organisations have already started, or will start migration strategy projects jointly with SWITCH. The aim of these projects is to plan the migration locally at the respective organisation as a first step.
An organisation which decides to start such a project should choose their most convenient time from a couple of possible dates (one starting point every year between now and 2020). steps_2017-2020
(details presented at update event in June)

This kind of projects might get funded by the program PgB5, which is organized by swissuniversities. The deadline for the next submission of projects is approaching (August 14, 2016).
Seven universities have already decided to start with the first step – the development of their own migration strategy by

  • analysing the specific system landscape and services at their organisation with respect to identity management,
  • evaluating additional benefits of a higher integration depth with the Swiss edu-ID (“migrated” or “integrated”),
  • choosing an appropriate migration scenario and planning of migration steps,
  • estimating the resource requirements of the migration, and
  • drafting their organisational Swiss edu-ID migration project plan.

The desired output of those migration strategy projects will be migration plans – or drafts thereof – for each participating organisation. Such a plan can then be proposed to the management of the organisation. If the university management agrees, a subsequent migration project (step 2), possibly funded again by PgB5, can then be submitted, targeting at actually adapting the existing infrastructure to the Swiss edu-ID service.