Bring your own identity

In the SWITCH Innovation Lab, the Institute for Data Applications and Security (IDAS) is exploring what influence the development of self-sovereign identities is having on identity management in the Swiss university landscape. We talked to Annett Laube and Gerhard Hassenstein of IDAS and Christoph Graf of SWITCH about this paradigm shift and what it could mean for the development of SWITCH edu-ID.

Text: Christoph Graf, published on 19.11.2020

SWITCH: Why is SWITCH exploring this topic?

Christoph Graf: SWITCH is currently still very busy with the transition from SWITCHaai to SWITCH edu-ID. Nevertheless, we must keep an eye on trends in the field of digital identities and consider what the next development steps might be. We believe that a continuing development towards self-sovereign identities is a possible option here and we would like to prepare ourselves for this with the SWITCH Innovation Lab Self-Sovereign Identities.

SWITCH: What distinguishes self-sovereign identities?

Annett Laube: Self-sovereign identities are created by the user (the holder) and essentially consist of a pair of keys (private and public keys). This identity can be anchored in a decentralised network – in a blockchain, for example. An authoritative source (issuer) can confirm various attributes for the holder, such as their name, date of birth or enrolment at a university, in the form of verifiable credentials. The holder can then pass these credentials on to a service (verifier) when they log on, and thus prove their identity.

SWITCH: What are the advantages over other digital identities?

Gerhard Hassenstein: In contrast to the traditional, centralised identities that are prevalent today, self-sovereign identities give users full and sole control over their identity and the personal data associated with it. The users decide who they give their data to and they always need to give their explicit consent. Self-sovereign identities also support the principles of data economy and thus enable better protection of personal data and ultimately privacy.

SWITCH: Why is this relevant for SWITCH?

Christoph Graf: In 1999, SWITCH began networking (federating) the service- and organisation-specific identities that prevailed at the time, with the help of AAI. This allowed users to use these identities for services outside their own organisation. By shifting its focus to users, SWITCH is going one step further and providing a long-term identity that will also last beyond a change in organisation and fully supports lifelong learning. Self-sovereign identities are continuing this development and give users much more comprehensive control over their data.

SWITCH: What exactly are you investigating in the SWITCH Innovation Lab?

Annett Laube: In the Innovation Lab, we are investigating the influence the development of self-sovereign identities has on identity management in the Swiss university landscape. This includes concepts such as ‘Bring your own Identity’. The paradigm shift brought about by self-sovereign identities will fundamentally change SWITCH’s role. Potential new roles for SWITCH are being considered in the Innovation Lab, and concepts for the further development of SWITCH edu-ID services are being drafted as a starting point for future decentralised identities in higher education.

SWITCH: What have you discovered?

Gerhard Hassenstein: In a first sprint, the basic processes for the use of self-sovereign identities at Swiss universities were identified. SWITCH is facing some key challenges here – firstly, establishing the necessary relationships of trust between issuers of identities and authenticating features and the services using them; and secondly, supporting users in mastering the great complexity of self-sovereign identities and the associated personal responsibility.

SWITCH: What’s next?

Christoph Graf: We have done the conceptual groundwork in this Innovation Lab, and provided the results to the interested community as a contribution to the discussion. The next step is to create a prototype within the next six months.

 

About the author

Christoph Graf

Christoph Graf graduated in Electrical Engineering at the Federal Institute of Technology in Zurich in 1986. He joined SWITCH in 1991. After leaving to work at DANTE in Cambridge, he came back to SWITCH in 1998. He is now the program leader of SWITCH edu-ID.

Prof. Annett Laube

Prof. Annett Laube holds a doctorate in Computer Science from TU Dresden. After working in the IT industry (IBM and SAP) for more than 10 years, she became a lecturer in IT at Bern University of Applied Sciences in 2009. In addition to teaching, Annett Laube also works at the Institute for Data Applications and Security (IDAS) and in the IAM research group.

Prof. Gerhard Hassenstein

Prof. Gerhard Hassenstein holds a degree in engineering. After completing his postgraduate studies and working in the field of IT services for almost 20 years, he has been a full-time lecturer in IT security at Bern University of Applied Sciences since 2007. Alongside his teaching commitments, he also works at the Institute for Data Applications and Security (IDAS).
