Duplicate user accounts on a single system are sooner or later causing a nightmare. One ambition of the SWITCH edu-ID has always been the prevention of duplicate user accounts. However, only a few weeks after the edu-ID launch in 2015 we already found indications for a couple of duplicate accounts. How did that come about and what can we do to prevent duplicate accounts?
The SWITCH identity federation was conceived almost two decades ago. The SWITCHaai service, implementing its concepts, has been in operation for over a decade. Today, the SWITCH edu-ID service is in its initial stages to become its successor, and it is still following the same model: to stay the identity federation of the Swiss academic community. That is reason enough to address those two rather fundamental questions:
- Are national identity federations still the right approach to satisfy the needs of the academic community – a community with increasing international collaboration?
- Will emerging e-ID services, or services like SwissID, eventually replace the SWITCH identity federation?
Both question the remits of the current solution: national and academic. But they differ in perspective: while the first is questioning the national remit, the second is questioning the academic-only context. Continue reading
Project for Deployment Step 2 in 2018/19 submitted
Within this next project phase – once approved by swissuniversities – the first three universities will implement SWITCH edu-ID:
- Université de Lausanne
- Universität St. Gallen
- Zürcher Hochschule für Angewandte Wissenschaften.
They’ve developed their individual integration plan during 2017 (Deployment Step 1). As the other four participating universities they have considerably contributed to elaborate and sharpen adoption scenarios for linking of new and current members and for managing affiliations.
Eleven universities will start implementation planning: Berner Fachhochschule, FernUni, Fachhochschule St. Gallen, Haute école spécialisée de Suisse occidentale, Hochschule Luzern, Hochschule für Technik und Wirtschaft Chur (HTW Chur), Hochschule für Wirtschaft Zürich, Pädagogische Hochschule Bern, Pädagogische Hochschule Schwyz (PHSZ), Université de Neuchâtel and Zürcher Hochschule der Künste.
In 2017, seven universites have started planning their adoption of SWITCH edu-ID. Together with the edu-ID project team each university organized 2-4 workshops to elaborate an individual integration concept and to determine a time schedule for the transition.
It was no surprise to see that the IT landscape and identity management (IdM) processes of the universities are fairly different. Based on the workshops we were however able to identify and document a few major categories which may serve as source of ideas for other universities.
SWITCH invites you on Wed, 14 March 2018 to the 1st Trust & Identity WG Meeting in Berne.
The intended audience of this event are administrators of either an Identity Provider or Service Provider registered in SWITCHaai as well as the SWITCHpki registration authority operators. The participants will gain more insight into the technical details that support the seamless adoption of the SWITCH edu-ID service.
Registration is open until Wed, 7. March 2018 and required for logistical reasons. Refer to the registration page for the draft agenda and schedule.
- The new SWITCH edu-ID Service Description
- An Organization adopts SWITCH edu-ID
- Single digital identity and multiple affiliations
- What happens when a current affiliation ends?
- “SWITCH edu-ID behind the scenes”
- Custom-tailor the SWITCH edu-ID service for your SP
- Think about data protection
- Secrets of the SWITCH edu-ID password
- Interfederation Update
- Single Logout
- SWITCHpki News
- SWITCH edu-ID Liaisons
- SWITCH edu-ID Roadmap
What’s the SWITCH Trust & Identity WG?
The SWITCH Trust & Identity WG is a new forum in analogy to the well established SWITCH Network WG or the SWITCH Security WG, which you might have heard of before.
The newly formed Trust & Identity WG comprises representatives of all SWITCHaai Participants and SWITCHpki Participants in the SWITCH Community and the Extended SWITCH Community.
This group is informally involved with the further development of these two services and has the opportunity to provide feedback if there are questions or changes upcoming.
Relationship to other SWITCH events
- The Trust & Identity WG Meeting replaces the earlier SWITCHaai update events.
- The SWITCH edu-ID update event is planned for early summer and will focus on the migration projects and less on technical issues.
In a previous blog post we presented how AAI Service Provider (SP) administrators can customize the edu-ID registration and login pages individually for their service. However, an SP administrator can not only brand the edu-ID pages with a custom logo or custom text but he can also influence the process itself used when users register, login or when they complete their account data. Examples of such process modifications are:
- To send a user automatically to a specific URL after registration or login
- To make a user first provide a specific verified or unverified attribute (e.g. mobile number or home postal address) and then send him back to the service
Both of these example scenarios have been used for instance by the Swissbib service for several months. Swissbib users sometimes have to provide a verified mobile number and/or postal address before they get access to national license content, which – by agreement – should be only available to residents of Switzerland.
So, how can an AAI SP administrator customize the edu-ID processes to implement the above and more scenarios? All that is needed is to send the user on the right path, or rather to the right URL. For all those not wanting to get familiar with the technical details of how these URLs have to be composed to achieve a certain process change, we have created a useful tool that makes the URL generation very easy: The edu-ID Login Link Composer.
The edu-ID Login Link Composer consists of a form with several inputs that are used to generate a link which triggers the requested behaviour. The user then just has to be sent to the generated URL to start the process.
Try out the edu-ID Login Link Composer with your own AAI service.
What does it take for a university to adopt the SWITCH edu-ID? This is the question SWITCH and seven partners (EPFL, FHNW, UNIFR, UNIGE, UNIL, UNISG and ZHAW) are addressing in the project “Swiss edu-ID Deployment Step 1” as part of swissuniversities’ program «Scientific information». The project advanced nicely and would justify an article on its own. But let’s draw your attention to an interesting side product of this project: we learned how electronic identities are managed in our community – and how the approaches are evolving over time and why.