SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.


Which e-ID does Switzerland need?

On 7 March, Switzerland rejected proposed legislation to establish an e-ID.
As a neutral and independent foundation for Swiss universities, SWITCH has over 20 years’ experience in the field of electronic identities and participated in the process of designing the e-ID. We interviewed Christoph Graf, Programme Manager of SWITCH edu-ID, about the next steps in introducing an e-ID in Switzerland and the role SWITCH can play in this process.
Read more.


Three phase adoption at UNIL

Christopher Greiner, service coordinator, UNIL IT:

It has been two months since our move to edu-ID, here is a recap of our trials and tribulations in switching identity provider.

The University of Lausanne (UNIL) successfully migrated to SWITCH edu-ID on the 10th of February 2021.

We had been preparing for this migration for quite a long time: we first heard about the Swiss edu-ID project back in early 2014. Our university had been one of the early adopters of SWITCH AAI, and quite heavy users of the service, so we were very interested in hearing what SWITCH had in store for the future of this digital identity; we decided to take part in the workshops organised by SWITCH, thinking that the earlier we were involved, the easier it would be for us to find solutions specific to our university’s needs.

Figure 1: Poster for the edu-ID migration

Continue reading


1 Comment

UNIBAS: Smooth sailing with SWITCH edu-ID

Project team: 
Dominik Hofer, Stefan Keller, Andreas Scheppele (KOGIT GmbH), Xiang Wang, Erwin Wendelspiess, Jan Stucki, Thomas Mundschin

Successful transition

“For the University of Basel (UNIBAS), the changeover to SWITCH edu-ID went smoothly. The project was a success, because everything was well prepared from a technical point of view and it did not cause any big issues with regard to communication and user feedback.
Successful projects often remain “under the radar”. The management sometimes hardly notice projects, when everything is running smoothly. This is our motivation to write this short success story:

Continue reading


PH Zug + edu-ID: Linking should be easy for users

With the University of Teacher Education Zug, the second PH switched to SWITCH edu-ID on 7 October 2020.

Abdel Benhauresch, head ICT PH Zug

Abdel Benhauresch (head of the ICT PH Zug), can you tell us a little bit about how the adoption of SWITCH edu-ID took place and what further objectives the PH Zug is pursuing after the successful changeover?

“We are a relatively small university with a core of about 800 users and about three times as many people who attend our continuing education courses.
Accordingly, our IT is small and efficiently structured. Projects have to be well planned and implemented in stages.
The preparations for the adoption of SWITCH edu-ID started two years ago. At first it was unclear when the new Campus Management System (CMS) would go live. Finally, we decided to switch to edu-ID first and to use the new system not before 2021. This means that we will then have to check the interaction of edu-ID with the new CMS.
For the linking process we decided to use a function in Microsoft Azure, because all our users use an Azure Active Directory account (AAD) to authenticate.

Continue reading


e-Mail Address Spring Cleaning

In SWITCH edu-ID the e-mail addresses play a crucial role not only for communication with an edu-ID user but also for authentication. Every e-mail address associated to an edu-ID account also serves as login name. An e-mail address can also be used to reset the password of an edu-ID account. And unless Two-Step login is activated, this would be sufficient to gain control of an account.

Unfortunately, many e-mail addresses don’t belong permanently to the same person. When a student finishes her studies, she will loose her university e-mail address after some time. When a staff member changes jobs, he won’t keep his company e-mail address either.
 In case of popular names, some organisations re-assign e-mail addresses to persons with the same name, hopefully only after a long grace-period. If such a “recycled” e-mail address is still associated to a user account of the original holder of this address in a system like SWITCH edu-ID, this might cause severe security problems.
 Therefore, SWITCH edu-ID has some automated mechanisms to detect, remove, replace and inform about e-mail addresses that no longer work. How do these processes work?

Continue reading


PHBern now also on the road with edu-ID

On August 19, 2020, the Berne University of Teacher Education (PHBern) switched over to SWITCH edu-ID, thus filling the dozen:


More than 8000 students and employees of the PHBern now have an edu-ID account and can use it to access services of their own PH as well as those of other Swiss universities which are open to members of PHBern.

Ulrich Weisenseel, head Services Informatik PHBern, about the planning and adoption:

“When the first planning steps were taken in 2018, the analyses showed that PHBern users accessed more than 100 services via AAI accounts. A picture that looks similar at many universities. University members usually access 10 to 20 times more external than internal services, with the number of logins naturally being highest for the most prominent services such as a university’s own Learning Management System. At PHBern, ILIAS and the intranet “My PHBern” swing out at the top in terms of access numbers.

Continue reading


Ensure secure SWITCHaai login: Turning off outdated security protocols

The TLS protocol secures the communication between a user’s web browser and a server running a web application. The user recognises a secured communication by the lock visualised in the web browser or the https prefix in a link.
The security protocols TLSv1.0 and TLSv1.1 are outdated and no longer rated as secure. Therefore, web server administrators should plan to properly protect their services by updating their web server configuration to require at least TLSv1.2.
To apply this security improvement to SWITCHaai including SWITCH edu-ID, SWITCH announces the upgrade in two phases.

Continue reading


TRID WG Meeting & SWITCH edu-ID Update Event: Look back and forth

This was the first time we could not meet in person at Berne. But still it was a very inspiring occasion for us to come together via SWITCHinteract on May 20.
Around 50 members of universities and related organisations have participated in this three hours online meeting with a very dense programme which illuminated various aspects of SWITCH edu-ID.

Our first keynote speaker Stéphane Recrosio (UNIFR) has provided insights about the adoption of SWITCH edu-ID at the university of Fribourg like planning, communication, support and do’s and don’ts as a result of the experience gained.

While the second keynote speaker Maarten Kremers (SURFnet) talked about the implementation of eduID in the Netherlands it became obvious that similarities to SWITCH edu-ID are probably not purely coincidental.

Beside those two presentations many topics could only be touched upon briefly due to the shortened programme duration, like SLSP status, Kerberos/SPNEGO, Office365, technical accounts, duplication handling, re-use of email addresses, small organisations, service description, eduroam.ch, edu-ID roadmap or AAI and PKI news.
The complete presentations are available here.

The current list of universities adopting SWITCH edu-ID is published on the SWITCH edu-ID website. Only 4 time slots are are still available in 2020.

We hope to see you again in person at Berne during the next Trust & Identity Working Group Meeting and SWITCH edu-ID Update event on May 19 May 26 2021 – please save the date!


1 Comment

Behind the Scenes of SLSP and SWITCH

As we have announced in our blog post “SWITCH edu-ID as door opener for libraries”, SLSP officially launches its new library service in December 2020, which relies on SWITCH edu-ID for user authentication and user management. With several hundred thousand expected users it is likely that the SLSP service will become one of the most widely used services with edu-ID/AAI in Switzerland. Therefore, the SWITCH edu-ID team is actively supporting the SLSP colleagues to optimally integrate it with edu-ID.
In this blog post we describe a few technical details and extensions that the edu-ID team implemented with and for SLSP. Last but not least, there is also a hint on what organisations can do to facilitate access to the SLSP service for their users.

Continue reading


1 Comment

Update to the TRID WG Meeting / SWITCH edu-ID Update Event 2020

The Trust & Identity WG Meeting combined with the SWITCH edu-ID Update Event on Wed 20 May 2020

Registration is open until Friday, 8 May 2020 and mandatory (only registered users and accepted guests may enter the meeting room).

The event is aimed at the following target groups: IdP and SP Administrators, Home Org Administrators, RRA & Attribute Policy Administrators, IdP hosting customers and IT staff with interest in Microsoft / Office 365  for both – Swiss universities that still use SWITCHaai and those that have already switched over to SWITCH edu-ID.


What’s the SWITCH Trust & Identity WG?
The SWITCH Trust & Identity WG comprises representatives of all SWITCHaai Participants and SWITCHpki Participants in the SWITCH Community and the Extended SWITCH Community.
This group is informally involved with the further development of SWITCHaai/edu-ID and SWITCHpki and has the opportunity to provide feedback if there are questions or changes upcoming.


1 Comment

SWITCH edu-ID as door opener for libraries

In December 2020, the Swiss Library Service Platform SLSP goes live[1] after six years of preparation.
From then on, library users will use their SWITCH edu-ID account to register with their research libraries and catalogues. This is expected to affect between 0.5 and 1 million users – especially all Swiss university members.

Thomas_Marty_web

Thomas Marty (director SLSP)

“In today’s knowledge society, unrestricted and timely access to scientific information is of great importance. By guaranteeing access to diverse information resources, academic libraries play a central role in research and teaching at universities, but also in the lifelong learning of the population. SLSP sees itself as a service provider for all academic libraries and contributes to establishing a seamless flow of information for the knowledge society”.

Continue reading


Trust & Identity WG Meeting / SWITCH edu-ID Update Event 2020

SWITCH invites you on Wed, 20 May 2020 to the 3rd Trust & Identity WG Meeting combined with the SWITCH edu-ID Update Event in Berne – or if the specific situation persists online instead.

Registration is open until Friday, 8 May 2020 and required for logistical reasons.
Refer to the registration page for the preliminary schedule and meeting topics.

In case of presence we have foreseen to hold the program between 10:15 and 15:40.
If the event must take place online, we will shorten the program and run from 9-12, including a break.

The event is aimed at the following target groups: IdP and SP Administrators, Home Org Administrators, RRA & Attribute Policy Administrators, IdP hosting customers and IT staff with interest in Microsoft / Office 365  for both – Swiss universities that still use SWITCHaai and those that have already switched over to SWITCH edu-ID.


What’s the SWITCH Trust & Identity WG?
The SWITCH Trust & Identity WG comprises representatives of all SWITCHaai Participants and SWITCHpki Participants in the SWITCH Community and the Extended SWITCH Community.
This group is informally involved with the further development of SWITCHaai/edu-ID and SWITCHpki and has the opportunity to provide feedback if there are questions or changes upcoming.


1 Comment

SWITCH edu-ID reaching 200’000 users

After reaching 100’000 accounts in March 2019, we were able to report 150’000 accounts eight months later. And today, I have the pleasure to announce that SWITCH edu-ID counts now over 200’000th accounts.

Of course, we intented to stick with our tradition to celebrate new landmarks with a cake featuring the number of accounts and a photo with the team behind the SWITCH edu-ID. The cake was already ordered… and if things went as planned, you would now find its picture in this post.

But we needed to bring our plans in line with the measures against COVID-19. Therefore, we had to cancel the cake and change the way the team photo was taken.

For the time being – and if we trust the figures published by the WHO – we can still claim that there are more confirmed identities in the SWITCH edu-ID than there are confirmed COVID-19 cases worldwide (184’975).