This story is from the category Innovation and the dossier Identity Management

Swiss edu-ID goes live

SWITCH rolled out the Swiss edu-ID at the start of March 2015. What is it, and what benefits does it bring?

Text: Christoph Graf, published on 14.04.2015

The Swiss edu-ID is a lifelong digital identity for everyone connected to the Swiss academic community, i.e. students, graduates, researchers, lecturers and university staff. It can be thought of as an extension of SWITCHaai, which controls access to resources on the Web (see box). While SWITCHaai is centred on organisations, the Swiss edu-ID is user-centric. This change in approach came about because SWITCHaai was reaching the limits of its flexibility in some cases.

  • Access for guests: Not all users of services provided by universities and partner organisations are university members with a SWITCHaai account. Guests, external staff and alumni sometimes need access to these services as well. This means that the service operators have to set up exception procedures for registration and access control mechanisms in addition to handling user administration. Situations like this are very common for library services and research collaborations.
  • Transfers between universities and roles: In these cases, new SWITCHaai accounts have to be created. The disadvantage here is that users are no longer recognised by many services and have to go through exception procedures to access their existing data.
  • Multiple memberships: An authorised user who works at more than one university – which is especially common among lecturers – needs more than one SWITCHaai account. As a result, they have different “correct” access accounts for different IT services, which is rather laborious.

In contrast to the organisation-focused SWITCHaai, therefore, each individual receives only Swiss edu-ID, which they bring to their university and retain when they leave or transfer. The university can add to this digital identity, for example with an attribute confirming that the user is a student. When this is no longer the case, the attribute can be removed. This Swiss edu-ID remains valid through changes of university and role, with its content updated to reflect the holder’s current circumstances. This means that guests, external staff and alumni can all be served appropriately as long as they have a Swiss edu-ID. Anyone who does not already have one can select Swiss edu-ID as their home organisation when signing up to an IT service and will then be guided through the creation process.

The Swiss edu-ID is largely compatible with SWITCHaai. Many of the 800 IT services that currently employ SWITCHaai for access control can be unlocked or used with the first version. On top of this, it is particularly easy for anyone who already has a SWITCHaai account to create a Swiss edu-ID because the basic information can simply be copied over.

Version 1 of the Swiss edu-ID went into operation at the beginning of March 2015 and supports the following features:

  • Simplified creation process: When someone who does not have an AAI account signs up to an IT service, they are advised to create a Swiss edu-ID.
  • Interconnection: When users who already have an AAI account request a Swiss edu-ID, their AAI data can be copied over.
  • Familiarisation: Providers of IT services can use Version 1 to study how the Swiss edu-ID can be embedded in their processes.

What comes next? Version 2 will allow universities to add attributes, thus ensuring that the Swiss edu-ID covers the same functionality as SWITCHaai – and more besides. It is scheduled for rollout in the middle of 2016.

About the Swiss edu-ID
Contact and newsletter
About the author
Christoph   Graf

Christoph Graf

Christoph Graf graduated in Electrical Engineering at the Federal Institute of Technology in Zurich in 1986. He joined SWITCH in 1991. After leaving to work at DANTE in Cambridge, he came back to SWITCH in 1998. He is now in charge of Supporting Operations.

E-mail

Where it all began: SWITCHaai

AAI stands for Authentication and Authorisation Infrastructure. This infrastructure makes it easier to access online resources within the Swiss academic community. Whereas members of one university used to need additional digital identities for other universities, these days they only need a single identity. The AAI login they receive from their university is their passport to almost all the resources made available on the web by Swiss universities and related organisations. The people in charge of these resources decide which identities they are available to. More than 400,000 members of over 50 organisations have a SWITCHaai account that allows them to use in excess of 800 IT services.

SWITCHaai
Other articles