OpenID Connect meets SAML and Shibboleth

Will the up-and-coming OpenID Connect (OIDC) displace the established Security Assertion Markup Language (SAML)? In some domains, it already has, thanks to the wide availability of implementations for many programming languages. It also offers an easy solution for delegating access to protected resources, something that is possible with SAML but more difficult to realise, and is a typical use case for mobile applications today. However, OIDC has no concept of a “federation”, i.e. a private group of entities that trust each other, and that is a big drawback to adoption in a federated context like research and education. In this article, we will look into a few initiatives that seek to bridge the gap between the two realms.

AAI & Swiss edu-ID Update 2016

Save the Date: Thursday 30 June 2016

The joint update event of SWITCHaai & Swiss edu-ID will take place for the third time this year, a little bit earlier, on June 30, and as ever in Berne.

Note the date in your agenda for this all-day event, where you will get up-to-date information about SWITCHaai, Swiss edu-ID version 2.0 and migration scenarios, as well as opportunities for exchange with IdM/IAM specialists and those responsible for services at other institutions.

Registration information will follow later on this blog, on the AAI mailing lists and in the Swiss edu-ID newsletter (swit.ch/swisseduid-announce).

Apache Access Control Reloaded

How can I ensure that only staff members of my group in my organisation can access team documents via the web, and only if they are connected via the organisation’s office network? And how can this be implemented without writing code? Thanks to Apache, Shibboleth and a SAML-based federation like SWITCHaai, these not-so-uncommon real-life requirements are easy to implement, at least once one has understood how user attributes can be used for access control. This blog entry demonstrates how to create such access control rules.

Bye-bye Guest IdP – Welcome Swiss edu-ID

Since February 2012, SWITCH has operated the Guest Login Identity Provider (Guest IdP), which allowed users without a regular AAI account to access certain services. The Guest IdP has also allowed what was otherwise not possible with SWITCHaai: a quick and easy self-registration to access AAI services.

New SWITCH story “Exercising caution when processing personal data”

Swiss edu-ID is widely based on SWITCHaai, but there are some fundamental differences to take into account since a Swiss edu-ID is a persistent and user-centered identity. What impact this has on data protection and processing issues is discussed in this new article.

You will also find legal and data protection questions answered in our FAQ section.

New SWITCH story “Who is liable for the Swiss edu-ID?”

What happens if a Swiss edu-ID account is misused? And if the information used to verify a person’s authorisation proves to have been wrong, who is then liable: the service operator, the user or the source of the attribute? Where is the Code of Obligations applicable? Read more about these legal questions in this new SWITCH story.

eID for Switzerland is on the road

Imagine you get a Swiss electronic identity. What should it look like? Fedpol asked the Swiss edu-ID team to comment on their concept of a federal eID.

A starting point
In Sweden, more than 50% of citizens already have an eID, an identity originally issued by the private sector (such as banks) and developed further towards a standardised identity assertion and a more federated approach. Meanwhile, in Switzerland the foundation for a federal electronic identity will now be laid by presenting an eID concept to the Federal Council and then by starting the process to implement it in law.

As e-identities are widely used in Switzerland and are issued by several organisations (SuisseID, MobileID, Swiss edu-ID etc.), the Federal Office of Police (fedpol) started a consultation about the proposed eID concept in May 2015. SWITCH provided its statement among a group of 68 companies and institutions with expertise in Identity Management. The interpretation of the answers and the conclusions are now available.

New SWITCH story: “Empowering Swiss research”

The Swiss edu-ID project is partly funded through the funding programme P-2 of swissuniversities. The project manager of P-2, Roland Dietlicher, shares his views on the achievements and challenges of the funding programme P-2 in the latest SWITCH story. In doing that, he also covers the importance of the academic identity Swiss edu-ID to the success of the P-2 programme.

Less hassle, less effort

The Swiss edu-ID can help with a range of problems. The latest SWITCH story highlights two examples:

  • Swissbib allows users to search most of the Swiss libraries and repositories at once. Users can specify favourite libraries, save reading lists, view their search history and much more besides. Since Swiss edu-ID users can keep their account for an unlimited time, they no longer lose account data when their employment or student status changes, as is the case with SWITCHaai.
  • Roberto Mazzoni, Head of User Services in the Central IT Department at the University of Zurich, points out specific advantages of the Swiss edu-ID with respect to the current situation with SWITCHaai: it simplifies identity management processes and reduces the risk of creating duplicates.

Please follow this link to access the SWITCH story.

Could ORCID iD replace the Swiss edu-ID?

Before I bluntly say ‘no!’, let me try to explain why the question arises at all (and why it is reasonable to ask it).

The term ORCID iD actually refers to many things. Technically, it is 1) a unique identifier, 2) a login with a username and password and 3) personal attributes associated with the unique identifier. While I initially thought that the ORCID iD was only an identifier, it turned out that the ORCID community has built an extensive set of additional services over the last few years.