Project for Deployment Step 2 in 2018/19 submitted
Within this next project phase – once approved by swissuniversities – the first three universities will implement SWITCH edu-ID:
Université de Lausanne
Universität St. Gallen
Zürcher Hochschule für Angewandte Wissenschaften.
They’ve developed their individual integration plan during 2017 (Deployment Step 1). As the other four participating universities they have considerably contributed to elaborate and sharpen adoption scenarios for linking of new and current members and for managing affiliations.
Eleven universities will start implementation planning: Berner Fachhochschule, FernUni, Fachhochschule St. Gallen, Haute école spécialisée de Suisse occidentale, Hochschule Luzern, Hochschule für Technik und Wirtschaft Chur (HTW Chur), Hochschule für Wirtschaft Zürich, Pädagogische Hochschule Bern, Pädagogische Hochschule Schwyz (PHSZ), Université de Neuchâtel and Zürcher Hochschule der Künste.
SWITCH invites you on Wed, 14 March 2018 to the 1st Trust & Identity WG Meeting in Berne.
The intended audience of this event are administrators of either an Identity Provider or Service Provider registered in SWITCHaai as well as the SWITCHpki registration authority operators. The participants will gain more insight into the technical details that support the seamless adoption of the SWITCH edu-ID service.
Is one password for everything the right way? Could E-ID be a suitable solution to facilitate users life? Christoph Graf discusses such questions and explains how SWITCH edu-ID fits in the ID landscape and what our expectations about E-ID would be. Read more (in German)
Last week, the number of services registered in the SWITCHaai federation crossed the 1’000 line for the first time.
When the Università della Svizzera italiana, Damiano Bianchi (Servizio informatico TI-EDU) registered the ‘USI Library service’ (the 21st service of USI), this new service became the 1’000th SP available in the SWITCHaai federation.
About 27,000 people have got mailing from the SWITCH edu-ID team April 19:
Instead of their former Cloud ID account, SWITCH edu-ID would be used as from 1st May 2017 in order to access the services SWITCHdrive and SWITCHengines.
But how should the vast majority of those users, who did not already have a SWITCH edu-ID account, come to such an identity?
Changeover without effort for 98% of users
The usual way to generate a SWITCH edu-ID account is self-registration – this in line with the principle of user centrism. However, in this case the new accounts were generated automatically in order to spare users effort. Users who have linked their SWITCH edu-ID account with their existing AAI account(s) have substantially facilitated proper account assignment and account aggregation during conversion. Continue reading “Bye-bye Cloud ID – Welcome SWITCH edu-ID”
Read more about the transition of the Swiss edu-ID project to operation in 2017 (SWITCH edu-ID service), its features, initial practical experiences and migration planning that has started with seven universities.
The focus is put this year on an update about the project Swiss edu-ID and the service SWITCH edu-ID, whose deployment starts in 2017.
Note that no SWITCHaai specific topics are foreseen.
The event will take place June 29 , 11:00 – 16:15, in Berne at UniS, Schanzeneckstrasse 1, room A-126.
Preliminary Programme:
11:00 – 12:00 SWITCH edu-ID for beginners (for people not already familiar with SWITCH edu-ID)
12:00 – 13:15 Arrival for afternoon participants and Lunch
(afternoon participants are warmly welcome to take lunch with us)
13:15 – 14:30 Pilots and current project status
14:30 – 14:55 Coffee break
14:55 – 16:15 Status Migration Strategies, roadmap and next steps
Back in May 2015, the Shibboleth Consortium announced July 31st 2016 as end-of-life date for the IdPv2 code base. A redesigned IdPv3.1.1 is available since March 2015. One month later, SWITCH announced the initial version of the SWITCHaai specific IdPv3 installation guide. In June and September 2015, SWITCH offered well-attended IdP training courses [4] on how to configure IdPv3. Since then, the number of IdPv3 installations has gradually increased to the 80% level it reached just at the beginning of the autumn semester 2016.
Meanwhile SWITCH has submitted – together with 7 institutions – a project proposal for the deployment of Swiss edu-ID during 2017 to swissuniversities. The participating universities EPFL, FHNW, UNIFR, UNIGE, UNIL, UNISG and ZHAW intend to analyse their options in order to generate optimal benefit by the use of Swiss edu-ID and for choosing an appropriate way for the integration within their systems and processes.
Planned deployment steps 2017-2020 with entry points for universities
Develop an individual migration plan first
The migration is a required step for all organizations served by SWITCHaai to unleash the full potential of Swiss edu-ID. Swiss edu-ID offers more interfaces to and from the systems of the Swiss edu-ID participants. Therefore a cooperative identity management approach might deliver additional value by being more efficient and covering additional identity management use cases, e.g., by triggering specific identity management workflows at connected sites. Such opportunities have to be evaluated by institutions relating to their general system development and the migration plans.
But planning is only the first step for an organisation. SWITCH intends to submit follow-up projects in the upcoming years (2017-2020). This approach allows universities to find a suitable entry point to start preparation and afterwards the migration to Swiss edu-ID.
Project plan 2017 (simplified)
SWITCH will provide generalised findings of all migration plans from this project to ease individual migration planning steps for organizations following later.
Improve functionality continuously
Whereas organisational “Migration Strategy” work packages are foreseen for the planning of future organisational migrations to Swiss edu-ID, the “Functional Upgrade” work packages extend the features of the Swiss edu-ID in line with stakeholder requirements. They deal with identifying or piloting measures to deliver additional benefits carried out by a subset of the partners and with the implementation of prioritized features requiring additional effort to be deployed for organisational migrations. Thoas work packages are:
Support for usage of AHVN13: Analysis of current usage, legal implications and technical approaches, description of solution (FHNW & SWITCH)
Privacy and Data Security: Analysis of restrictions for storage and exchange, of technical methods, and description of processes to grant data economy and legal accuracy (EPFL & SWITCH)
Uniqueness: Implementation of duplicate prevention (on the fly and in batch mode) and resolution process involving end users
Credential Management: Comparison of password policies, implementation of harmonization framework, user workflows for password selection and second factor
3rd Party Vetting: Implementation of vetting mechanisms for increasing quality of name attributes and passport number by 3rd parties
Group Management: Allow management of arbitrary flat groups defined by end users (with Grouper), delivery of an affiliation attribute and integration with an attribute provider mechanism
Further components as well as organisational migrations should be included in subsequent applications for the following deployment steps in 2018-2020.
Read more about how SWITCH opens access for Swiss researchers to leading research projects and why solving the problems only for Swiss infrastructure does not mean to have them effectively solved for Swiss users too in this story.
SWITCH intends to fully deploy the Swiss edu-ID by the end of 2020, with almost all organisations migrated from SWITCHaai to Swiss edu-ID.
To this end, several organisations have already started, or will start migration strategy projects jointly with SWITCH. The aim of these projects is to plan the migration locally at the respective organisation as a first step.
An organisation which decides to start such a project should choose their most convenient time from a couple of possible dates (one starting point every year between now and 2020).
(details presented at update event in June)
This kind of projects might get funded by theprogram PgB5, which is organized by swissuniversities. The deadline for the next submission of projects is approaching (August 14, 2016).
Seven universities have already decided to start with the first step – the development of their own migration strategy by
analysing the specific system landscape and services at their organisation with respect to identity management,
evaluating additional benefits of a higher integration depth with the Swiss edu-ID (“migrated” or “integrated”),
choosing an appropriate migration scenario and planning of migration steps,
estimating the resource requirements of the migration, and
drafting their organisational Swiss edu-ID migration project plan.
The desired output of those migration strategy projects will be migration plans – or drafts thereof – for each participating organisation. Such a plan can then be proposed to the management of the organisation. If the university management agrees, a subsequent migration project (step 2), possibly funded again by PgB5, can then be submitted, targeting at actually adapting the existing infrastructure to the Swiss edu-ID service.
As announced the phase of the survey conduction has started and the RFI documents have been sent to interested participants 4th of May.
The RFI documents are published on the Swiss edu-ID website.
Deadline for RFI answers is May 22nd, 2016.
By June 1st the most promising participants will be determined and invited to a presentation workshop.
Workshops will take place from June 6th until 10th.
With a Request for Information (RFI), SWITCH wants to gain an overview of Identity Management solutions, including Open Source, on the market today that may fit Swiss edu-ID requirements.
Today potential providers of an IdM solution for Swiss edu-ID have been invited to participate in the Request for Information. The invitation and additional information on the Swiss edu-ID environmental fit are published on the Swiss edu-ID website.
Companies should express their interest explicitly to eduid.rfi@temet.ch no later than May 3rd, 2016, and provide the E-Mail address of the intended RFI recipient. The RFI will be distributed no later than May 5th, 2016, and answers to the RFI are expected no later than May 22nd, 2016.
Then we would like to invite you to this event with an AAI Update in the morning (10:15 – 12:00)
followed by a Swiss edu-ID Update in the afternoon (13:15 – 16:15).
This is one of the questions we answer quite often – and the answer is “yes”. Of course we do observe initiatives within Switzerland (mainly eGovernment related) and abroad, and including international projects with common tasks and possible synergies. In addition to simply monitor what others do, we build relationships, exchange know-how, evaluate eID initiatives of other National research and education networks (NRENs), provide advice for groups who only yet start with federation projects, and SWITCH is active in international projects as GEANT.
Hereafter you find some examples of initiatives and projects, their goals and concepts, common activities (if any), and some ideas about common interests or possible synergies.
