What are digital identities, and why do we need a Swiss edu-ID when we already have SWITCHaai?
The virtual world is populated by digital identities. They contain personal details – such as names, addresses, roles and authorisations – known as attributes. Access usually requires a user name and a password. Users set up some identities themselves, whereas others are set up by an institution, particularly when the information and authorisations they contain have to be approved. One example of a digital identity is a SWITCHaai login at a university in Switzerland (see box).
With SWITCHaai, the academic community solved the problem of managing a large number of identities for various resources a whole decade ago. It agreed to use shared policies and interfaces, referred to as identity federations, as well as the same basic identities. Cross-border access has even been possible for a number of years thanks to the eduGAIN interfederation service, which is being constantly expanded and is of crucial importance for researchers working internationally. SWITCH plays an active role here (see articles "No country can manage in isolation" and "The recipe for cutting-edge international research") SWITCHaai has been proving its worth for ten years, and eduGAIN is well on the way towards doing the same, so why should the Swiss universities need new digital identities? The answer is that SWITCHaai was created with institutions in mind, not users. This has resulted in a few annoying problems that the Swiss edu-ID is intended to solve:
Users can enter their own basic data. Anyone who already has a SWITCHaai login can convert it into a Swiss edu-ID
The Swiss edu-ID is designed to work as follows:
Users can enter their own basic data. Anyone who already has a SWITCHaai login can convert it into a Swiss edu-ID (see article "Your folder for life"). The basic data are stored by the identity provider, which in this case is SWITCH. Attributes referenced therein, for example those relating to authorisations, are controlled by the individual institutions, which must verify them and make them available in the required quality.
The institutions can access the basic data via compatible interfaces. This saves their IT administrators a lot of time and effort and also helps them to avoid unwanted duplication (see article "Less hassle, less effort").
The creation of the Swiss edu-ID is leading to a complex situation as regards data protection. Federal law and cantonal rules apply. SWITCH is working to clarify the legal aspects and take account of them in its development efforts (see article "Right to be forgotten and lifetime data retention").
The Swiss edu-ID will play a vital role for the academic community going forward. It is strongly favoured by swissuniversities in the context of its programme P-2 "Scientific information: access, processing and safeguarding" (see article "Empowering Swiss research"). The idea at the heart of P-2 is that certain services will be offered to universities on a centralised basis so that they do not need to expend resources on their own solutions. This simply cannot happen without a shared digital identity.