SWITCH edu-ID – SWITCH Identity Blog

New simplified edu-ID integration for organizations available now

The integration of the edu-ID previously required the implementation of two small software components on the university side:

1. the linking service with which the edu-ID account of a person is linked to the internal account at the university,
2. and the attribute synchronization with which the university manages the affiliations in the edu-ID accounts.

A new integration method is now available that does not require the development and operation of software at the university. Continue reading “New simplified edu-ID integration for organizations available now”

700’000 reasons to celebrate

Just in time for the yearly Trust and Identity Workgroup meeting the barrier was broken mid May. To celebrate the 700’000th edu-ID user account the trust and identity team had, however, to wait a few more weeks, because several team members were on vacation at that time. But it’s never too late for cake 😀

We hope to soon celebrate the cake for 800’000 accounts when University of Zurich , ETHZ, EPFL and other universities adopt edu-ID in the coming months.

Trust & Identity Meeting 2022

SWITCH invites you on Wednesday 18. May 2022 to the Trust & Identity Meeting 2022, held as a hybrid meeting, on premise in Zurich as well as online.

Registration is open until Monday, 16. May 2022.
There you will find as well the draft agenda and meeting topics.

Details (links etc.) will be provided 48 hours in advance to registered participants.

The event is aimed at the following target groups:

IdP, SP and RP Administrators
Home Org Administrators
RRA & Attribute Policy Administrators
IdP hosting customers and
IT staff with interest in PKI, eduroam, authentication and authorization

for both – Swiss universities that already adopted SWITCH edu-ID and the ones that haven’t yet.

The life of an edu-ID account

Lifelong learning benefits from lifelong user accounts. SWITCH edu-ID accounts are such lifelong user accounts. However, lifelong sometimes does not mean forever, which may be a surprise in this context. Why is that so?
Due to data privacy laws a life long account is – like a lifelong prison sentence – not for all eternity. At some point an account is deleted or archived even though its owner is still alive and well.

Continue reading “The life of an edu-ID account”

edu-ID Explained in 80 Seconds

SWITCH has produced a video clip that explains the most important things about edu-ID to end users in 80 seconds. The clip is available in french, italian, german and english. Continue reading “edu-ID Explained in 80 Seconds”

Swiss E-ID, take two – SWITCH takes a stand

After a surprisingly clear defeat of the e-ID proposal in the national referendum early March 2021, the federal administration presented plans for a new attempt a month ago with a discussion paper on the target vision for an e-ID (DE, FR).

SWITCH is taking a stand and handed in a position statement end of September 2021 on this discussion paper in German: Stellungnahme SWITCH Zielbild E-ID final_sig.

Continue reading “Swiss E-ID, take two – SWITCH takes a stand”

The project is finished – but we’re still on the ball!

When the national cooperation project “Swiss edu-ID” – supported by swissuniversities – started in 2014, it was clear that it would not be a walk in the park. Replacing a system like SWITCHaai that is running very well since more than a decade is not easy. Universities have to be convinced of the new solution – both in terms of technology and benefits – and also have enough time and resources to implement it.

With the Swiss edu-ID project, a major conceptual change from a decentralized authentication infrastructure to a centralized one was planned. This creates stronger dependencies. A stable basis of trust and smooth operation were important prerequisites. In parallel with the universities’ efforts, SWITCH therefore continued to expand the service and took measures to ensure performance and fail-safety.

Continue reading “The project is finished – but we’re still on the ball!”

edu-ID for Private Library Customers

It is with great pleasure that we can report the next milestone in the development of the SWITCH edu-ID.

As you know, most of the Swiss university libraries launched the joint library platform Swisscovery in December last year. All university members can log in to Swisscovery exclusively with edu-ID.

However, many libraries have a service mandate not only for universities but also for private users. This means that authorisation via edu-ID had to be extended so that users who are not enrolled at a university can also use library resources.

Continue reading “edu-ID for Private Library Customers”

Which e-ID does Switzerland need?

On 7 March, Switzerland rejected proposed legislation to establish an e-ID.
As a neutral and independent foundation for Swiss universities, SWITCH has over 20 years’ experience in the field of electronic identities and participated in the process of designing the e-ID. We interviewed Christoph Graf, Programme Manager of SWITCH edu-ID, about the next steps in introducing an e-ID in Switzerland and the role SWITCH can play in this process.
Read more.

Three phase adoption at UNIL

Christopher Greiner, service coordinator, UNIL IT:

It has been two months since our move to edu-ID, here is a recap of our trials and tribulations in switching identity provider.

The University of Lausanne (UNIL) successfully migrated to SWITCH edu-ID on the 10th of February 2021.

We had been preparing for this migration for quite a long time: we first heard about the Swiss edu-ID project back in early 2014. Our university had been one of the early adopters of SWITCH AAI, and quite heavy users of the service, so we were very interested in hearing what SWITCH had in store for the future of this digital identity; we decided to take part in the workshops organised by SWITCH, thinking that the earlier we were involved, the easier it would be for us to find solutions specific to our university’s needs.

Figure 1: Poster for the edu-ID migration

Continue reading “Three phase adoption at UNIL”

edu-ID now Supports OpenID Connect

For more than 15 years, the SWITCHaai federation was entirely based on the SAML protocol. SWITCH is happy to announce that as of March 1st 2021 the edu-ID identity provider (IdP) officially also supports OpenID Connect.

Continue reading “edu-ID now Supports OpenID Connect”

The Right Way to Create an Account

Like described in the blog post Sending Users on the Right Path, it sometimes is in everybody’s interest to guide end-users on a certain path to achieve a goal. Such helpful nudges are also used during account creation when end-users choose how to create their SWITCH edu-ID account.

UNIBAS: Smooth sailing with SWITCH edu-ID

Project team: 
Dominik Hofer, Stefan Keller, Andreas Scheppele (KOGIT GmbH), Xiang Wang, Erwin Wendelspiess, Jan Stucki, Thomas Mundschin

Successful transition

“For the University of Basel (UNIBAS), the changeover to SWITCH edu-ID went smoothly. The project was a success, because everything was well prepared from a technical point of view and it did not cause any big issues with regard to communication and user feedback.
Successful projects often remain “under the radar”. The management sometimes hardly notice projects, when everything is running smoothly. This is our motivation to write this short success story:

Continue reading “UNIBAS: Smooth sailing with SWITCH edu-ID”

PH Zug + edu-ID: Linking should be easy for users

With the University of Teacher Education Zug, the second PH switched to SWITCH edu-ID on 7 October 2020.

Abdel Benhauresch (head of the ICT PH Zug), can you tell us a little bit about how the adoption of SWITCH edu-ID took place and what further objectives the PH Zug is pursuing after the successful changeover?

“We are a relatively small university with a core of about 800 users and about three times as many people who attend our continuing education courses.
Accordingly, our IT is small and efficiently structured. Projects have to be well planned and implemented in stages.
The preparations for the adoption of SWITCH edu-ID started two years ago. At first it was unclear when the new Campus Management System (CMS) would go live. Finally, we decided to switch to edu-ID first and to use the new system not before 2021. This means that we will then have to check the interaction of edu-ID with the new CMS.
For the linking process we decided to use a function in Microsoft Azure, because all our users use an Azure Active Directory account (AAD) to authenticate.

e-Mail Address Spring Cleaning

In SWITCH edu-ID the e-mail addresses play a crucial role not only for communication with an edu-ID user but also for authentication. Every e-mail address associated to an edu-ID account also serves as login name. An e-mail address can also be used to reset the password of an edu-ID account. And unless Two-Step login is activated, this would be sufficient to gain control of an account.

Unfortunately, many e-mail addresses don’t belong permanently to the same person. When a student finishes her studies, she will loose her university e-mail address after some time. When a staff member changes jobs, he won’t keep his company e-mail address either.
In case of popular names, some organisations re-assign e-mail addresses to persons with the same name, hopefully only after a long grace-period. If such a “recycled” e-mail address is still associated to a user account of the original holder of this address in a system like SWITCH edu-ID, this might cause severe security problems.
Therefore, SWITCH edu-ID has some automated mechanisms to detect, remove, replace and inform about e-mail addresses that no longer work. How do these processes work?