In the SWITCH Innovation Lab, the Institute for Data Applications and Security (IDAS) is exploring what influence the development of self-sovereign identities is having on identity management in the Swiss university landscape. We talked to Annett Laube and Gerhard Hassenstein of IDAS and Christoph Graf of SWITCH about this paradigm shift and what it could mean for the development of SWITCH edu-ID.
SWITCH: Why is SWITCH exploring this topic?
Christoph Graf: SWITCH is currently still very busy with the transition from SWITCHaai to SWITCH edu-ID. Nevertheless, we must keep an eye on trends in the field of digital identities and consider what the next development steps might be. We believe that a continuing development towards self-sovereign identities is a possible option here and we would like to prepare ourselves for this with the SWITCH Innovation Lab Self-Sovereign Identities.
SWITCH: What distinguishes self-sovereign identities?
Annett Laube: Self-sovereign identities are created by the user (the holder) and essentially consist of a pair of keys (private and public keys). This identity can be anchored in a decentralised network – in a blockchain, for example. An authoritative source (issuer) can confirm various attributes for the holder, such as their name, date of birth or enrolment at a university, in the form of verifiable credentials. The holder can then pass these credentials on to a service (verifier) when they log on, and thus prove their identity.
SWITCH: What are the advantages over other digital identities?
Gerhard Hassenstein: In contrast to the traditional, centralised identities that are prevalent today, self-sovereign identities give users full and sole control over their identity and the personal data associated with it. The users decide who they give their data to and they always need to give their explicit consent. Self-sovereign identities also support the principles of data economy and thus enable better protection of personal data and ultimately privacy.
SWITCH: Why is this relevant for SWITCH?
Christoph Graf: In 1999, SWITCH began networking (federating) the service- and organisation-specific identities that prevailed at the time, with the help of AAI. This allowed users to use these identities for services outside their own organisation. By shifting its focus to users, SWITCH is going one step further and providing a long-term identity that will also last beyond a change in organisation and fully supports lifelong learning. Self-sovereign identities are continuing this development and give users much more comprehensive control over their data.
SWITCH: What exactly are you investigating in the SWITCH Innovation Lab?
Annett Laube: In the Innovation Lab, we are investigating the influence the development of self-sovereign identities has on identity management in the Swiss university landscape. This includes concepts such as ‘Bring your own Identity’. The paradigm shift brought about by self-sovereign identities will fundamentally change SWITCH’s role. Potential new roles for SWITCH are being considered in the Innovation Lab, and concepts for the further development of SWITCH edu-ID services are being drafted as a starting point for future decentralised identities in higher education.
SWITCH: What have you discovered?
Gerhard Hassenstein: In a first sprint, the basic processes for the use of self-sovereign identities at Swiss universities were identified. SWITCH is facing some key challenges here – firstly, establishing the necessary relationships of trust between issuers of identities and authenticating features and the services using them; and secondly, supporting users in mastering the great complexity of self-sovereign identities and the associated personal responsibility.
SWITCH: What’s next?
Christoph Graf: We have done the conceptual groundwork in this Innovation Lab, and provided the results to the interested community as a contribution to the discussion. The next step is to create a prototype within the next six months.