SWITCH edu-ID for Beginners
© 2017 SWITCH | 2
Topics for the next 60 minutes
• Introduction and numbers (Christoph Graf)
• Why SWITCH edu-ID (Andres Aeschlimann)
• News for Services (Rolf Brugger)
• News for Organisations (Rolf Brugger)
Our core beliefs
Together for greater capability, convenience and security in the digital world.
Mission
SWITCH is an integral part of the Swiss academic community. Based on our core competencies
• Network
• Security
• Identity Management
SWITCH offers collaboratively developed ICT solutions that empower users in and beyond the academic world to achieve leading edge results in a globally competitive environment.
Community work
Foundation
Integrated offer
Added value for customers
Foundation purpose
Excerpt from the deed of foundation Berne, 22 October 1987
"The foundation has as its objective to create, promote and offer the necessary basis for the effective use of modern methods of telecomputing in teaching and research in Switzerland, to be involved in and to support such methods. It is a non-profit foundation that does not pursue commercial targets."
Our customers
Extended community
• Other organizations involved in research or education
SWITCH community
• Swiss universities on tertiary level (academic sector) and their research institutions
Commercial customers
• Registrars of .ch- and .li-Domain-Names, Swiss financial institutions, research-related industry and government
Integrated offer
• Video Management
• Collaboration
• Procurement
• Infrastructure & Data Services
• Network
• Registry
• Trust & Identity
• Security
SWITCH edu-ID / SWITCHaai
The universal and secure key
SWITCH edu-ID is the universal and safe identity for access to services in the academic community.
Your benefits
• One identity for all services in the federation
• Legal bases of Switzerland
• Governance defined by the universities
• SWITCH as a partner for your investment in the future
Customers
• Universities
• University related organizations
• Third-party providers
Services
• IdP/AP-hosting
• 800 service providers, 70 federation partners
The foundation: SWITCHaai
Enter higher education, get one key, access many resources
SWITCHaai Federation Summer 2017
[Figure: three charts over the years 2004 to 2016, titled "# Resources", "# Home Organizations" and "# AAI enabled accounts"]
99% coverage in higher education
Interfederation enabled
But what happens over time?
[Figure: timeline of a person's life stages (School, University education, Side Job, Community Work, Employment, Post-graduate, Self-Employment, Further education), with four "AAI" labels]
Tidying up
[Figure: the same life-stage timeline (School, University education, Side Job, Community Work, Employment, Post-graduate, Self-Employment, Further education), labelled "Swiss edu-ID"]
SWITCH edu-ID concept corner stones
• Persistency:
  – Built to survive organisational affiliations
• User-centrism:
  – User issues his/her identity in a light-weight self-registration process
  – User brings his/her identity to the university/employer (if pre-existing)
  – User decides whether to pass on data (but usually not on its contents!)
SWITCH edu-ID concept corner stones (cont.)
• Organisational backing:
  – Organisations add or validate attributes of identities
• Openness:
  – Open to members of Swiss academia and people with relation to it
• Scalable quality:
  – Allow for low quality: Yes, this is a feature!
  – Foresee validation processes to increase the quality level
  – Offer quality transparency: relying parties can base decisions on quality level
• Support mobile environments and non-web use cases
People without SWITCHaai accounts?
Services and tools
✔
SWITCHaai: !
SWITCH edu-ID: ✔
Openness: “Not anyone should have a SWITCH edu-ID”
• because: Having an ID implies access rights
• Counterexample: ID / Passport
• Counterexample: Github-ID
• Getting access is done by a registration procedure:
  – explicit (identify person)
  – implicit (personal attribute)
User-centrism: “Make sure SWITCH edu-ID has sufficient quality”
• because: SPs can rely on high quality attributes
• but: Not all SPs need high quality attributes
• Tradeoff: attribute quality vs. low entrance barrier
Affiliations, Roles
What’s in for the Universities?
[Figure: diagram with the labels SWITCH edu-ID, Migrated university (three times), MFA, National licenses, SWITCH drive, CH/EU eID?, Mobile/non-web, LoA/QL, SuisseID/SwissID, educa.ch, SLSP/Libraries, SDSC ??]
“Swiss edu-ID” vs. “SWITCH edu-ID”
• The concept “Swiss edu-ID”
  – Reflected in the architecture document and in the service description
• The identifier “Swiss edu-ID”
  – A 32 digit hexadecimal encoded number following RFC4122. Well hidden.
• The project “Swiss edu-ID”
  – SWITCH initiated the CUS P-2 projects “Swiss edu-ID” and “Swiss edu-ID phase II” to implement the roadmap of the substrategy
• The service “SWITCH edu-ID”
  – The services “SWITCH edu-ID V1.0” and “SWITCH edu-ID V2.0” are milestones on that roadmap
Basic Components of the SWITCH edu-ID
[Figure: component diagram with the column headers Participants, Operator, and Participants and Federation Partners, and the groups SWITCH edu-ID Participant and SWITCH edu-ID Operator. Component labels: IdM Admin Panels, Attribute Authority, Attribute Aggregator, User Authentication, User Profile Panel, User Directory, Federation Registry, Service Provider, Attribute Provider, Organisational Directory, Organisational IdM, IdM Provisioning Service, Attribute Filter, Audit Log, Affiliation Index, Affiliation Archive, SP Notification]
Decision Matrix for Services
• One affiliation at a time → classic model
• Multiple affiliations at a time or quality info → extended model
ID for university members only
• LMS for students and staff
• Academic file sharing system (SWITCHdrive)
ID for university member and others
• LMS that should also be open for private, external people
• Private people accessing research publications (National Licenses)
edu-ID
AAI
Broader Use Cases
[Figure: diagram with the labels "Serving a wider user base" and "Multiple affiliations and (meta-) quality information"]
• SWITCHaai, e.g. LMS for students and staff
• SWITCH edu-ID, e.g. LMS for students, staff, external people
• SWITCH edu-ID, e.g. Academic File Sharing
• SWITCH edu-ID, e.g. National Licenses
Questions?
Data Model
• HomeOrg: UniA: Unique/persistent-ID, First/last name, Date of birth, Email, Phone, Postal address, Affiliation, study branch, “local attributes”
• HomeOrg: UniB: Unique/persistent-ID, First/last name, Date of birth, Email, Phone, Postal address, Affiliation, study branch, “local attributes”
• HomeOrg: UniC: Affiliation, study branch, affiliation period
• HomeOrg: UniD: Affiliation, affiliation period
• Base Identity: Unique/pers-edu-ID, HomeOrg eduid.ch, First/last name, Email, Home postal address, Mobile phone, Date of birth, ORCID
Diagram labels: Current Affiliations, Former Affiliations, Base Identity, Managed and controlled by universities, Managed and controlled by individual
“AAI Model”
• Diagram labels: Stud (UniA), Login, SP
• HomeOrg: UniA: Unique/persistent-ID, First/last name, Date of birth, Email, Phone, Postal address, Affiliation, study branch, “local attributes”
“Classic Model”
• Diagram labels: private, stud (UniA), staff (UniB), Affiliation chooser, SWITCH edu-id, Login, SP
• HomeOrg: UniA: Unique/persistent-ID, First/last name, Date of birth, Email, Phone, Postal address, Affiliation, study branch, “local attributes”
“Extended Model”
• Diagram labels: private, stud (UniA), staff (UniB), Optional affiliation choice, SWITCH edu-id, Login, SP
• Unique/pers-edu-ID, HomeOrg eduid.ch, Name, Email (user-managed), Home postal address, Mobile phone, Date of birth, ORCID
• Affiliation student@UniA, study branch, Email (affil) [email protected]
• Affiliation staff@UniB, Email (affil) [email protected]
WAYF
SWITCH edu-ID quality model
• Authentication quality: NIST SP 800-63-2
  – Level 1: no id proving
  – Level 2: single factor auth
  – Level 3: multi factor auth
  – Level 4: multi factor auth with hard cryptographic tokens
• Attribute validation quality: eCH-0171 quality model
  – Level 1 “low”: Minimal trust in asserted value
  – Level 2 “medium”: Basic processes and control mechanisms. Verification with non-official ID or certificate
  – Level 3 “high”: Processes and control mechanisms are supervised by external entity. Verification with more than one non-official ID or certificate
  – Level 4 “very high”: Processes backed by legal standards. Supervision by accredited entity. Verification with official ID or certificate
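How a relying party could base an access decision on the two quality scales above, as an added example that is not part of the original slides or of SWITCH's software. The attribute names, the policies and the sample values are hypothetical; unknown or missing levels are treated as level 1 so the check fails closed.

```python
from dataclasses import dataclass
from enum import IntEnum


class AuthLevel(IntEnum):
    """Authentication quality levels as summarised on the slide."""
    NO_ID_PROOFING = 1
    SINGLE_FACTOR = 2
    MULTI_FACTOR = 3
    HARD_CRYPTO_TOKEN = 4


class AttrQuality(IntEnum):
    """Attribute validation quality levels as summarised on the slide."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    VERY_HIGH = 4


@dataclass(frozen=True)
class Policy:
    min_auth: AuthLevel
    min_attr_quality: dict  # hypothetical attribute name -> AttrQuality


def _coerce(enum_cls, raw):
    """Map a received level to the enum; anything unknown counts as level 1."""
    try:
        return enum_cls(int(raw))
    except (TypeError, ValueError):
        return enum_cls(1)


def evaluate(policy, auth_level, attributes):
    """attributes: name -> (value, quality). Returns (allowed, step_up_actions).

    The actions tell the service what is missing: a stronger login, an
    attribute the user has not supplied, or a validation process that
    would raise an attribute's quality level.
    """
    actions = []
    if _coerce(AuthLevel, auth_level) < policy.min_auth:
        actions.append(f"reauthenticate:{policy.min_auth.name}")
    for name, needed in sorted(policy.min_attr_quality.items()):
        if name not in attributes or not attributes[name][0]:
            actions.append(f"provide:{name}")
        elif _coerce(AttrQuality, attributes[name][1]) < needed:
            actions.append(f"verify:{name}:{needed.name}")
    return (not actions, actions)


# Constructed policies: one service accepts low quality, one needs verified data.
POLICY_OPEN_LMS = Policy(AuthLevel.SINGLE_FACTOR, {"mail": AttrQuality.LOW})
POLICY_VERIFIED = Policy(
    AuthLevel.SINGLE_FACTOR,
    {"homePostalAddress": AttrQuality.MEDIUM, "mobile": AttrQuality.MEDIUM},
)

# Constructed attribute sets: a fresh self-registration and a validated profile.
SELF_REGISTERED = {
    "mail": ("anna@example.org", 1),
    "homePostalAddress": ("Musterweg 1, 3000 Bern", 1),
}
VALIDATED = {
    "mail": ("anna@example.org", 1),
    "homePostalAddress": ("Musterweg 1, 3000 Bern", 2),
    "mobile": ("+41791234567", 2),
}

if __name__ == "__main__":
    print(evaluate(POLICY_OPEN_LMS, 2, SELF_REGISTERED))
    print(evaluate(POLICY_VERIFIED, 2, SELF_REGISTERED))
    print(evaluate(POLICY_VERIFIED, 2, VALIDATED))
```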
Quality in Both Models
“Extended Model”
• Unique/pers-edu-ID, HomeOrg eduid.ch, Name, Email (user-managed), Home postal address, Mobile phone, Date of birth, ORCID
• Affiliation student@UniA, study branch, Email (affil) [email protected]
• Affiliation staff@UniB, Email (affil) [email protected]
“Classic Model”
• Unique/pers-ID id@UniA, HomeOrg UniA, Name, Home postal address, Mobile phone, Date of birth, ORCID, Affiliation student@UniA, study branch, Email (affil) [email protected]
Diagram labels: AAI-quality (twice), quality 1..4 (six times)
Architecture Diagram
[Figure: component diagram with the column headers Participants, SWITCH, and Participants and Federation Partners, and the groups Swiss edu-ID Participant and Swiss edu-ID Operator. Component labels: IdM Admin Panels, Attribute Authority, Attribute Aggregator, User UI, IdM Administration UI, User Directory, Attribute Archive, Service Provider, Attribute Provider, Organisational Directory, Organisational IdM, IdM Provisioning Service, Attribute Filter, SP Notification]
SP Opportunities
Opportunities / available
Extend user group (alumni, guests, …) ✔
New attributes (edu-ID unique ID, ORCID) ✔
Get extensive affiliation information ✔
Get attribute quality information ✔
Attribute verification processes ✔
Get user profile change notifications (✔)
Share attribute/group information with other SPs (✔)
AM protocols for national services (OIDC, AD, LDAP) (✔)
Access to former affiliations
Benefits for Organizations
More efficient identity management
• More efficient enrollment processes for students (and staff)
• More up-to-date user information, fewer duplicates
• Finally a solution for all the “nasty” cases
  • Temporary or short term members like guests
  • Research groups with university members and private partners
• Stay in contact with former members
• Long-term perspective: more quality for less money
➔ Cooperative identity management with universities
Cooperative Identity Management
[Figure labels: University IdM-processes; SWITCH edu-ID IdM-Processes; Registration, Name change, Address change, Incidents; Name change, Address change, On/Offboarding; IdM Uni 2, IdM Uni 3, IdM Uni 4, IdM Uni 5]
Duplicates
“A person has at most one account”
• Intentional or unintentional duplicates?
• Technical measures
  – Register personal attributes and check for uniqueness: email, mobile phone number, Orcid-ID, passport number…
  – Heuristics with groups of attributes: first name + last name + birth date
  – Costs of attribute verification?
  – Data protection! (Social security number AHVN13)
• Service-Design
  – In the long run a person has no advantage with a double identity ➔ can be achieved if identity is intensively used
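The two technical measures on this slide, uniqueness of registered attributes and a heuristic over first name, last name and birth date, sketched as an added example that is not SWITCH's implementation. The normalisation rules, the default country code 41, the demo key and the sample persons are assumptions; the ORCID used is ORCID's published sample identifier. With the data protection point in mind, the index stores only keyed hashes of the values.

```python
import hashlib
import hmac
import re
import unicodedata
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Person:
    first_name: str
    last_name: str
    birth_date: str  # ISO 8601, e.g. "1990-04-12"
    email: str
    mobile: Optional[str] = None
    orcid: Optional[str] = None


def norm_email(value):
    return value.strip().lower()


def norm_mobile(value, default_cc="41"):
    """Bring national and international spellings to one +<cc><number> form."""
    value = value.strip()
    digits = re.sub(r"\D", "", value)
    if value.startswith("+"):
        return "+" + digits
    if digits.startswith("00"):
        return "+" + digits[2:]
    if digits.startswith("0"):
        return "+" + default_cc + digits[1:]
    return "+" + digits


def orcid_is_valid(value):
    """Check the ISO 7064 MOD 11-2 check character of an ORCID iD."""
    s = value.replace("-", "").upper()
    if not re.fullmatch(r"\d{15}[\dX]", s):
        return False
    total = 0
    for ch in s[:15]:
        total = (total + int(ch)) * 2
    check = (12 - total % 11) % 11
    return s[15] == ("X" if check == 10 else str(check))


def fold_name(value):
    """Lower-case, drop accents and non-letters so 'Müller' equals 'Muller'."""
    decomposed = unicodedata.normalize("NFKD", value)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return re.sub(r"[^a-z]", "", plain.lower())


class DuplicateIndex:
    """Maps keyed hashes of normalised attributes to account ids."""

    def __init__(self, key):
        self._key = key
        self._index = {}  # HMAC tag -> list of account ids

    def _tag(self, kind, value):
        msg = f"{kind}:{value}".encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def _keys(self, p):
        yield "email", "exact", norm_email(p.email)
        if p.mobile:
            yield "mobile", "exact", norm_mobile(p.mobile)
        if p.orcid and orcid_is_valid(p.orcid):
            yield "orcid", "exact", p.orcid.replace("-", "").upper()
        name_key = f"{fold_name(p.first_name)}|{fold_name(p.last_name)}|{p.birth_date}"
        yield "name+birthdate", "heuristic", name_key

    def check(self, p):
        """Return (account_id, attribute, strength) for every collision."""
        hits = []
        for kind, strength, value in self._keys(p):
            for account in self._index.get(self._tag(kind, value), []):
                hits.append((account, kind, strength))
        return hits

    def add(self, account_id, p):
        for kind, _strength, value in self._keys(p):
            self._index.setdefault(self._tag(kind, value), []).append(account_id)


# Constructed sample data.
EXISTING = Person("Anna", "Müller", "1990-04-12", "Anna.Mueller@example.org",
                  "079 123 45 67", "0000-0002-1825-0097")
NEW_SAME_PERSON = Person("Anna", "Muller", "1990-04-12", "a.muller@example.com",
                         "+41 79 123 45 67")
NEW_OTHER_PERSON = Person("Anna", "Müller", "1985-01-30", "anna85@example.net")


def build_demo_index():
    index = DuplicateIndex(b"constructed-demo-key")  # assumption: registry secret
    index.add("acct-1", EXISTING)
    return index


if __name__ == "__main__":
    idx = build_demo_index()
    print(idx.check(NEW_SAME_PERSON))
    print(idx.check(NEW_OTHER_PERSON))
```

An "exact" hit on a registered attribute can block registration outright, while a "heuristic" hit is only a candidate for review, since two different people can share a name and birth date.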
Organisation Integration Depth
Level / Tasks / Benefits
linked
• Tasks: “nothing”!; Communication measures
integrated
• Tasks: Migrate all users to edu-ID; Manage Swiss edu-ID identifier in internal directory; Operate attribute provider
• Benefits: No local SAML-IdP required anymore; More efficient user identity initialization; Access to SPs with new Protocols; New Auth methods
deeper integration
• Tasks: Receive and process IdM updates from Swiss edu-ID; Notify Swiss edu-ID of IdM updates
• Benefits: Streamlined IdM processes; up-to-date identities (locally, in entire community)
Diagram labels: naked Swiss edu-ID; edu-ID with affiliations and assurance levels
until 13:15 Salads, Curry & Beverages: Buffet Dessert: Coffee, Sweeties etc.: Cafeteria kiosk (please show your badge)
Lunch
www.switch.ch/30years
SWITCH – an integral part of the Swiss academic community since 1987.
Agenda
Welcome & introduction
Pilot projects
• National licenses service
• Student registration pilots
• Cloud-ID migration
• Swiss edu-ID mobile app
Coffee break (14:30 – 14:55)
First results from migration strategy planning
• Most promising integration scenarios
• Status & statements from participating universities
Roadmap and next steps
Conclusions (until 16:15)
Strategy work of CRUS-P2
• Use cases collected in spring 2013
• Findings and conclusions published Aug. 2013
  – “Foundations for the strategy”, aka “the IBM document”
  – Prominent role of identity management for all “national services”
• Groups set up by CRUS to work on specific fields of action
  – Kick-off end of Aug. 2013
  – Results delivered by 11 Oct. 2013
• Strategy group “Identity Management”:
  • Matteo Corti, ETH Zürich
  • Omar Benkacem, Université de Genève
  • Roberto Mazzoni, UZH
  • Wolfgang Lierz, ETH Bibliothek
  • Christoph Graf, SWITCH
  • Dieter Glatz, Universität Basel
  • Kai Blanke, Universität St. Gallen
  • Mario Gay, Università della Svizzera italiana
SWITCH edu-ID identity corner stones
• Persistency: identities to survive organisational affiliations
• User-centrism: the only stable element is the user
• Organisational backing: the primary trust anchor
• Openness: for all users with relation to Swiss academia
• Scalable quality: transparency & validation processes
• Support mobile environments & non-web use cases
Project roadmap 2014-2020
[Figure: timeline from 2014 to 2020 with the labels Swiss edu-ID Phase 1, Swiss edu-ID Phase 2, Depl. Step 1, Depl. Step 2, Depl. Step 3, Depl. Step 4, Functional Upgrades, Adoption, Development]
Swissuniversities’ funding uncertainty:
• No submission opportunity mid Aug 2017
• Future submission process under review
Position of SWITCH: We follow this roadmap
Rolf Brugger [email protected]
Bern, 28.6.2017
The „National Licenses“ Pilot Project
Participating Publishers
National Licenses Requirements
• Needs to work for the whole of Switzerland
• Meet the contractual agreements (citizenship, active user, terms of use)
• Access should be granted immediately to authorized persons (no need to go to a library, to wait for a letter, ...)
• Authentication should be possible directly on publisher's platform (no proxy) using SAML/Shibboleth
• The process should be as automated as possible
Division of Responsibilities
SWITCH edu-ID
• Manage identities for private individuals
• Verification procedures for home address and mobile phone number
• Implement entitlement attribute common-lib-terms
• IdP / SAML
• Technical support
National Licenses
• Contact to publishers
• End-user interface
  – Search engine for scientific articles
  – User registration platform
  – Manage rules for user entitlements
• End-user support
National Licenses
www.nationallicences.ch
www.swissbib.ch
Access for private users available since December 2016 via swissbib
- 6.2 Mio Articles
- 1’000 private users
![Page 57: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/57.jpg)
Registration Pilots of ZHAW, ZHdK and FHNW
Petra Kauer-Ott [email protected]
Berne, 29.6.2017
![Page 58: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/58.jpg)
Student Registration Pilots
Goals:
1. Improve/redesign registration process (as part of IdM/IAM redesign)
2. Replace “throw away identities” for student candidates
3. Equip new members with an edu-ID (facilitate transition)
Pilots:
• ZHAW: Go live 31.5.17 (operational)
• ZHdK: Go live decision end of July 2017
• FHNW: Go live 30.6./1.8.17
Adaptations of Evento are included in the latest release.
![Page 59: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/59.jpg)
Zürcher Fachhochschule 3
Project Online-Registration (ONLA)
Registration Portal with Evento and SWITCH edu-ID
![Page 60: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/60.jpg)
Zürcher Fachhochschule
Project Online-Registration (ONLA)
Contents:
• Project development process
• Current situation
• Outlook
• Technical integration
4
![Page 61: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/61.jpg)
Zürcher Fachhochschule
Project Online-Registration (ONLA)
Project development process
• April 2015: Start project "Online Anmeldung" (online registration)
– No suitable tool available on the market.
• October 2015: Discussion with FHNW colleagues.
– FHNW on the way to create tender documents.
– Already decided to cooperate with SWITCH.
![Page 62: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/62.jpg)
Zürcher Fachhochschule
Project Online-Registration (ONLA)
Project development process
• November 2015: Solution with Evento
– new technology “WebModules”
– EFHG = 11 universities form a panel to develop 'their' Evento
– 11 universities shared the costs and can use the new online registration
– ZHAW and FHNW run the project together
![Page 63: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/63.jpg)
Zürcher Fachhochschule
Project Online-Registration (ONLA)
ONLA is ONLINE
Degree: Master of Science in Life Science
Semester start: Spring Semester 2018
Since: 31.05.2017
Website Department N
![Page 64: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/64.jpg)
Zürcher Fachhochschule
Project Online-Registration (ONLA)
8
![Page 65: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/65.jpg)
Zürcher Fachhochschule
Project Online-Registration (ONLA)
9
![Page 66: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/66.jpg)
Zürcher Fachhochschule
Project Online-Registration (ONLA)
Outlook:
• Students can register for all degrees online for study starts from Autumn Semester 2018 onwards.
• A subsequent project, initiated to implement ONLA professionally and technically, shall be finalised in October 2017.
![Page 67: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/67.jpg)
Zürcher Fachhochschule
Project Online-Registration (ONLA)
Why SWITCH edu-ID?
• Challenge of identity:
– We need to be able to identify each individual login.
– We should not create any student account before matriculation.
➔ SWITCH edu-ID offers a solution for exactly this problem!
![Page 68: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/68.jpg)
Zürcher Fachhochschule
Key integration requirements:
• User Interface:
– Good and clear information about the process
– Customizable registration/login screens (logo, text, links)
• Technical:
– Swiss edu-ID internal identifier available for SP
– Integration with CLX.EventoNG
Project Online-Registration (ONLA)
![Page 69: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/69.jpg)
Zürcher Fachhochschule
Customizable:
Project Online-Registration (ONLA)
Redesigned registration process with fewer single steps
![Page 70: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/70.jpg)
Zürcher Fachhochschule
Technical realization:
• Create a SWITCH edu-ID and log in to the registration portal:
– Person is created in Evento and its UID is stored in the Evento database.
– CLX.Evento OAuth Server supports SAML 2.0.
– Logout on Evento and SWITCH is possible.
Project Online-Registration (ONLA)
![Page 71: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/71.jpg)
Zürcher Fachhochschule
Next steps I:
• Duplicate detection
– Currently only a few fields are used in the registration process (first name, surname, e-mail)
– Primary identifier missing (e.g. social security number, birthdate)
• For candidates who already have an internal account (employees, current students):
– In planning: Login with existing AD account (via ADFS)
– Maybe: automatic detection on a single login page: SWITCH <> ADFS
Project Online-Registration (ONLA)
![Page 72: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/72.jpg)
Zürcher Fachhochschule
Next steps II:
• Synchronization between SWITCH edu-ID and Active Directory…
Project Online-Registration (ONLA)
![Page 73: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/73.jpg)
© 2017 SWITCH | 17
Claudia Monstein, project leader IAM
ZHdK ONLA Pilot
Ongoing IAM redesign project → Occasion to implement online registration
![Page 74: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/74.jpg)
Online Registration Pilot
for master studies music and design
Planning: Go Live in summer 2017
Decision: end of July 2017
Precondition: tested, reliable and approved pilot solution
![Page 75: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/75.jpg)
Challenges
Implementation of ONLA with SWITCH edu-ID, but …
an additional requirement is a feature for multiple login options:
• developed by Crealogix
• not ready yet
• must be tested before go live
![Page 76: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/76.jpg)
Best & Worst Case
☺ Multiple login options: AD login AND edu-ID login
→ student with local account uses AD account
→ new student uses edu-ID account
☹ Only login option with edu-ID for all students
→ risk of duplicates
![Page 77: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/77.jpg)
Change Process
• Complexity of IAM project
• Staff ready for new process?
• Legal questions answered?
• Requirements of different study fields implemented? (standardization vs. individualized solutions)
![Page 78: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/78.jpg)
@fhnw edu-ID Pilot Projects
![Page 79: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/79.jpg)
3 pilot projects
- EVER
- ONLA
- Groups Inside Guest
29/6/17 Corporate IT, FHNW 23
edu-ID Pilot Projects
![Page 80: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/80.jpg)
29/6/17 Corporate IT, FHNW 24
EVER - Evento Event Registration
- Continuing Education courses (CAS, MAS, seminars, etc.)
- Login with edu-ID and AAI FHNW
- Single Page Angular Application with .NET Backend Services
- OIDC Authentication
- Go-Live: 30.06.2017
![Page 81: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/81.jpg)
- Online Registration for degree studies (bachelor and master)
- Part of Evento school administration suite (developed by CREALOGIX)
- Login only via IdP edu-ID
- Go-Live: 01.08.2017
29/6/17 Corporate IT, FHNW 25
ONLA
![Page 82: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/82.jpg)
- SharePoint Collaboration Platform
- Working with external partners, researchers, suppliers etc.
- Migration project (replacing an existing solution with dedicated AD)
- Consistent user experience for FHNW resources
- Go-Live: 01.11.2017
29/6/17 Corporate IT, FHNW 26
Groups Inside Guest
![Page 83: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/83.jpg)
Same generic process in all cases:
1. Onboarding application (initiate)
2. Manage edu-ID affiliation @fhnw in IAM System
3. Access FHNW resources (based on Affiliation attributes)
29/6/17 Corporate IT, FHNW 27
Key aspect 1 – High level process
![Page 84: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/84.jpg)
Key aspect 2 – seamless user experience
- 2 registration flows
  - Registration with Login
  - Login (with Registration if needed)
- Only possible with an edu-ID Registration Form Customization (return URL)
- Flows can be controlled with special parameters (target URL)
  - Security restriction: same host as Service Provider
- Target URL is consistent through the whole registration flow
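The same-host restriction on the target parameter, written out as an added example (not FHNW's or SWITCH's code). Assumptions: the Service Provider host is the one named in the slides' entityID parameter, the appA/appB URLs and the fallback are constructed, and the check also pins https and the default port, which is stricter than the slide's wording.

```python
from urllib.parse import urlsplit

# Assumptions: SP_HOST is the host named in the slides' entityID parameter;
# the appA/appB URLs and the fallback are constructed for this sketch.
SP_HOST = "sts.fhnw.ch"
DEFAULT_TARGET = "https://sts.fhnw.ch/"
APP_TARGETS = {
    "appA": "https://sts.fhnw.ch/appA/",
    "appB": "https://sts.fhnw.ch/appB/",
}


def is_same_host_target(target, sp_host=SP_HOST):
    """True only for an absolute https URL whose host is exactly sp_host."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers drop control characters and read "\" as "/", so a URL that
    # contains them can parse differently here than in the user's browser.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port          # raises ValueError for a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":    # also rejects "//host/..." and "/path"
        return False
    if parts.username is not None or parts.password is not None:
        return False               # userinfo trick: "https://sp-host@other-host/"
    if port not in (None, 443):
        return False
    return parts.hostname == sp_host.lower()   # hostname is already lower-cased


def resolve_target(raw):
    """Map the 'target' request parameter to the post-registration URL.

    Known application names win; a full URL is accepted only on the SP host;
    anything else falls back to a fixed page instead of being redirected to.
    """
    if isinstance(raw, str) and raw in APP_TARGETS:
        return APP_TARGETS[raw]
    if is_same_host_target(raw):
        return raw
    return DEFAULT_TARGET
```

Because the target has to survive every step of the flow, including the e-mail verification link, `resolve_target` belongs at the final redirect rather than only at the first request.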
![Page 85: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/85.jpg)
29/6/17 Corporate IT, FHNW 29
[Diagram: registration flow with the target parameter]
FAQ page
Login with edu-ID → login → register
Login with edu-ID → login → register
www.fhnw.ch/eduid: evaluation of target
- target=appA
- target=appB
Call with URL parameters:
- ?entityID=sts.fhnw.ch
- ?target=appName (new)
(target is an optional parameter that should persist throughout the whole registration request)
Token at email verification (?token=tokenID) → the target parameter must be included there again as well
![Page 86: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/86.jpg)
Links
- https://www.switch.ch/aai/guides/sp/edu-id-link-composer/
- https://forge.switch.ch/projects/edu-id/wiki/Swiss_edu-ID_Registration_and_Login_Flows
29/6/17 Corporate IT, FHNW 30
Demo
![Page 87: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/87.jpg)
23.03.2017 Corporate IT, FHNW 31
Questions?
Contact:
- Michael Hausherr, Enterprise Architect
  T: +41 56 202 71 56, E: [email protected]
- Joël Hasler, System Specialist SharePoint
  T: +41 56 202 70 79, E: [email protected]
![Page 88: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/88.jpg)
© 2017 SWITCH | 1
Christoph Graf [email protected]
Berne, 29.6.2017
Project Liaison with „Swiss edu-ID Mobile APP“
![Page 89: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/89.jpg)
© 2017 SWITCH | 2
Persistency: identities to survive organisational affiliations
User-centrism: the only stable element is the user
Organisational backing: the primary trust anchor
Openness: for all users with relation to Swiss academia
Scalable quality: transparency & validation processes
Support mobile environments & non-web use cases
SWITCH edu-ID identity corner stones
2
![Page 90: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/90.jpg)
© 2017 SWITCH | 3
Liaison with project “Swiss edu-ID Mobile”
3
Common Roadmap
Swiss edu-ID Mobile Lead: Christian Glahn, HTW Chur Partners: USI, FHNW
Goal: Sustainable integration of the Swiss edu-ID Mobile App deliverables with the SWITCH edu-ID services and infrastructure
Conditions: strategic fit and positive cost-benefit assessment (next milestone autumn 2017)
![Page 91: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/91.jpg)
Coffee Break
until 14:55
Take something to drink (coffee, tea etc.) & to eat (fruit, sugary treat etc.) at the Cafeteria kiosk (please show your badge)
After the break: Please fill in the feedback form!
![Page 92: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/92.jpg)
© 2017 SWITCH | 1
Rolf Brugger [email protected]
Bern, 28.6.2017
Integrating the SWITCH edu-ID at a University
Integration Scenarios
![Page 93: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/93.jpg)
Adoption Path for an Organization
• API: Organization notifies edu-ID about new affiliations
• API: edu-ID knows current attributes for a person
– edu-ID requests current attributes when they are needed (polling)
– Organization notifies edu-ID about attribute changes (pushing)
• Make sure all organization members …
– Have an edu-ID
– Linked to organizational identity
➔ Current and future members
• Shut down local Shib-IdP
![Page 94: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/94.jpg)
© 2017 SWITCH | 3 3
Onboarding of new (future) Users, Offboarding and Attribute Updates
![Page 95: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/95.jpg)
On-/off-boarding in the “Leading System” approach
[Diagram. Components: employee, student and continuing education management systems; leading IdM system; edu-ID IdP; edu-ID IdM; edu-ID protected web site. Labels: member enrolment (online form with edu-ID login); member un-enrolment; user data flow; data exchanged: email, name, ID, affiliation; on-/off-boarding and updates (notification).]
![Page 96: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/96.jpg)
Decentral On-/off-boarding in the “Meta Directory” approach
[Diagram. Components: employee, student and continuing education management systems; Meta DB (full edu-ID coverage); edu-ID IdP; edu-ID IdM; edu-ID protected web site. Labels: member enrolment; member un-enrolment; user data flow; data exchanged: email, name, ID, affiliation; on-/off-boarding and updates (notification).]
![Page 97: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/97.jpg)
Centralized On-/off-boarding in the “Meta Directory” approach (synchronous)
[Diagram. Components: employee, student and continuing education management systems; Meta DB (full edu-ID coverage); edu-ID IdP; edu-ID IdM; edu-ID protected web site. Labels: member enrolment; member un-enrolment; account creation; edu-ID linking (i.e. mail invitation); user data flow; data exchanged: ID, affiliation; onboarding (notification); offboarding and updates (by periodical polling).]
![Page 98: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/98.jpg)
Centralized On-/off-boarding in the “Meta Directory” approach (asynchronous)
[Diagram. Components: employee, student and continuing education management systems; “Meta” DB (partial edu-ID coverage); edu-ID IdP; edu-ID IdM; edu-ID protected web site. Labels: member enrolment; member un-enrolment; edu-ID linking; user data flow; data exchanged: email, ID, affiliation; onboarding (notification); offboarding and updates (by periodical polling).]
![Page 99: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/99.jpg)
edu-ID Linking Page
[Diagram: the university's user profile page ("link edu-ID"), the SWITCH edu-ID pages ("edu-ID login", "create edu-ID") and the edu-ID IdP; onboarding by “add affiliation”.]
Link request: https://eduid.ch/link?code=123XYZ&ret=uni.ch/uprofile
edu-ID linked: https://uni.ch/uprofile?code=123XYZ&id=f7b83c42-9f3d-45de-8146-1e00e15938a9
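The university side of the linking round trip shown above, as an added example (not SWITCH's or any university's code). It assumes the code parameter is a one-time value the university issues for the logged-in local user; the class name, the in-memory store and the 15-minute lifetime are hypothetical.

```python
import hmac
import re
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

LINK_ENDPOINT = "https://eduid.ch/link"   # from the slide
RETURN_URL = "uni.ch/uprofile"            # from the slide
CODE_TTL = 900                            # seconds; assumed lifetime
UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")


class LinkStore:
    """Pending and completed links per local user (in-memory stand-in for a DB)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}   # local user -> (code, expiry timestamp)
        self._linked = {}    # local user -> edu-ID identifier

    def start_link(self, local_user):
        """Issue a fresh code for this user and return the link URL to redirect to."""
        code = secrets.token_urlsafe(16)
        self._pending[local_user] = (code, self._now() + CODE_TTL)
        return LINK_ENDPOINT + "?" + urlencode({"code": code, "ret": RETURN_URL})

    def finish_link(self, local_user, return_url):
        """Handle the return request; store the identifier only if every check passes."""
        query = parse_qs(urlsplit(return_url).query)
        codes, ids = query.get("code", []), query.get("id", [])
        # The pending entry is consumed on any attempt, so a code works once.
        pending = self._pending.pop(local_user, None)
        if pending is None or len(codes) != 1 or len(ids) != 1:
            return False
        code, expires = pending
        if self._now() > expires:
            return False
        # The code must be the one issued to this local user (constant-time compare).
        if not hmac.compare_digest(code.encode(), codes[0].encode()):
            return False
        if not UUID_RE.fullmatch(ids[0]):
            return False
        # One edu-ID identity must not end up on two local accounts.
        if ids[0] in self._linked.values():
            return False
        self._linked[local_user] = ids[0]
        return True

    def linked_id(self, local_user):
        return self._linked.get(local_user)
```

The id value travels in a query string the user controls, so these checks bind the return to the request but do not authenticate the identifier; confirming it against the identifier released at the user's next edu-ID login is a deployment assumption, not something the slide states.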
![Page 100: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/100.jpg)
API to Update Affiliation Status (SCIM)
• Organization informs edu-ID IdP about affiliation changes
– Add/remove affiliation
– Update affiliation (attribute push as alternative to attribute polling)
• SCIM REST API (Draft)
Add an affiliation:
PUT https://eduid.ch/api/v1/Users/04111fb2-5e82-4b20-81bf-fa0f4f86aa07
{ "swissEduIDLinkedAffiliation": "[email protected]", "swissEduIDAffiliationPeriodBegin": "2017-12-01" }
Remove an affiliation:
PUT https://eduid.ch/api/v1/Users/04111fb2-5e82-4b20-81bf-fa0f4f86aa07
{ "swissEduIDAffiliationPeriodEnd": "2017-12-01" }
![Page 101: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/101.jpg)
Basic Components - Simplified
[Diagram. Roles: Swiss edu-ID Operator (SWITCH); Swiss edu-ID Participant; Participants and Federation Partners. Components: User UI; IdM Administration UI; IdM Admin Panels; User Directory, Attribute Archive; Attribute Aggregator; Attribute Filter; SP Notification; Attribute Authority; Attribute Provider; Service Provider; Organisational Directory; Organisational IdM; IdM Provisioning Service. Flows: attribute polling; attribute push.]
![Page 102: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/102.jpg)
© 2017 SWITCH | 11 11
Equip all Current Organization Members with an edu-ID
![Page 103: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/103.jpg)
Adoption Path
[Diagram: account icons labelled "aai: Uni", "edu-ID" and "edu-ID • Uni"; stage labels "Linked" and "Integrated".]
![Page 104: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/104.jpg)
Scenario 1: Involve all Users before Day X
[Diagram: account icons labelled "aai: Uni", "edu-ID" and "edu-ID • Uni".]
Preparation: invite users to create and link edu-ID account
At day X: Merge linked accounts
Before day X: linked accounts have limited functionality. Users can’t access classic SPs as Org-members.
![Page 105: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/105.jpg)
Scenario 2: Involve Users after Day X
[Diagram: account icons labelled "aai: Uni", "edu-ID" and "edu-ID • Uni"; label "internal".]
At day X: Merge linked accounts
After day X: invite users to create and link account
At day X: Users lose federation account
![Page 106: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/106.jpg)
Scenario 3: create edu-ID for Users
[Diagram: account icons labelled "aai: Uni", "edu-ID", "edu-ID 2" and "edu-ID • Uni".]
At day X: Merge linked accounts
At day X: create edu-ID accounts
Duplicate resolution
![Page 107: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/107.jpg)
© 2017 SWITCH | 1
Petra Kauer-Ott Joël Hasler, FHNW Pierre Mellier, EPFL Jacques Tissot, UNIFR (Simon Frigg, UNISG) (Nisanth Muthukirushnasamy, ZHAW)
Berne, 29.6.2017
Migration Strategy Planning ???
![Page 108: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/108.jpg)
Migration Strategy Planning
= preparatory work for adoption of SWITCH edu-ID
= project planning
1. Have/develop a clear vision (now → future)
2. Define goals, tasks and outline
3. Involve the right people
4. Identify risks
5. Describe work/steps
6. Define roadmap
![Page 109: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/109.jpg)
© 2017 SWITCH | 3
Reach the finish line together
SWITCH edu-ID
University (IAM project)
![Page 110: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/110.jpg)
The early birds are
• EPFL
• FHNW
• UNIFR
• UNIGE
• UNIL
• UNISG
• ZHAW
![Page 111: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/111.jpg)
The early birds do
1. Work on their migration strategy
2. Show other birds how to “catch the worm”
![Page 112: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/112.jpg)
@fhnw Migration strategy project
![Page 113: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/113.jpg)
Motivation
- Timing is everything
  - Identity and Access Management (IAM) Project
  - Benefit from each other
  - Good starting point for IAM project
- AAI very important for FHNW, high number of AAI enabled resources
  - SWITCH edu-ID is the evolution of AAI
- Strategic topic
  - Guidance from head of IT (initiated by enterprise architecture team)
![Page 114: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/114.jpg)
Benefits
- Gives the possibility to re-engineer and automate various processes (e.g. ONLA – onboarding of students)
  - Ability to eliminate media disruption and make the processes more consistent
- Bring your own account
  - Account management and self-service functionalities can be outsourced for external and guest accounts
- One account for everything
  - Medium-term: specific target groups no longer need a local account (e.g. ONLA → moodle → inside → eduroam …)
  - Long-term: one account for all services
![Page 115: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/115.jpg)
- Small project team (4-6 people from central IT)
- Focus on fundamental work, get the necessary technical expertise
- Work out the relevant parameters together with SWITCH
- When the «big picture» is all there we expand the project scope
- Plan and initialize communication
- Start with the decision making process
29/6/17 Corporate IT, FHNW 9
Putting all pieces together
![Page 116: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/116.jpg)
- The question is when, how much, to whom?
- Communication is one of the key steps in this project
- What we did until now:
- Specific selective communication in the pilot project scope
- Respective product owner defined the communication strategy
- What we do in the future:
- After «big picture» is assembled
- Broad communication inside and outside of IT (different stakeholders)
- Ideas: raffle aligned with project marketing, notice on the AAI Login Page
29/6/17 Corporate IT, FHNW 10
Communication
![Page 117: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/117.jpg)
- Integration of SWITCH edu-ID as federated identity into IAM system
- «Hybrid» edu-ID adoption scenario
- Custom attribute synchronization
- Kerberos integration for login
- Technical edu-ID Accounts
29/6/17 Corporate IT, FHNW 11
Technical challenges
![Page 118: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/118.jpg)
- 3 Workshops (à 1.5 day per person)
- Note:
- a big part of the groundwork was done in the IAM project
- preparation time for the workshops was therefore not excessive
- Pilot projects handled outside of the migration project
29/6/17 Corporate IT, FHNW 12
Resources
![Page 119: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/119.jpg)
- 3 pilots go live within the next months
- One more workshop with SWITCH to finalize the big picture
- Decision making across all departments
- Setup the communication strategy
- Initialize the implementation project in coordination with the IAM project
29/6/17 Corporate IT, FHNW 13
Next Steps
![Page 120: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/120.jpg)
23.03.2017 Corporate IT, FHNW 14
Questions?
Contact:
- Michael Hausherr, Enterprise Architect, T: +41 56 202 71 56, E: [email protected]
- Joël Hasler, System Specialist SharePoint, T: +41 56 202 70 79, E: [email protected]
![Page 121: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/121.jpg)
Status & Statements EPFL
29/06/2017 VPSI 15
![Page 122: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/122.jpg)
Risks
• Strict regulations about exchange of private user data
• Acceptance of first movers’ risks is very low
• Integration of SWITCH edu-ID at minimal cost
29/06/2017 VPSI 16
![Page 123: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/123.jpg)
Strict regulations about exchange of private user data
• No answers from the Federal Data Protection and Information Commissioner (FDPIC)
• Technical alternatives without attribute cache seem possible
29/06/2017 VPSI 17
![Page 124: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/124.jpg)
Acceptance of first movers’ risks is very low
• Mostly all current EPFL WEB use cases are well managed by SWITCHaai
• Main stakeholders are not against SWITCH edu-ID. It may be a solution for the future. They are waiting
• Scientists have a strong need for Non-WEB Authentication at a Federation level
29/06/2017 VPSI 18
![Page 125: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/125.jpg)
29/06/2017 VPSI 19
Integration of SWITCH edu-ID at minimal cost
![Page 126: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/126.jpg)
UNIVERSITÉ DE FRIBOURG / UNIVERSITÄT FREIBURG | DIRECTION DES SERVICES IT / DIREKTION DER IT DIENSTE | Nom / Name | Fonction / Funktion Titre de la présentation / Titel der Präsentation 21.06.17
FIRST WORKSHOPS – SWITCH EDU-ID
![Page 127: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/127.jpg)
UNIVERSITÉ DE FRIBOURG / UNIVERSITÄT FREIBURG | DIRECTION DES SERVICES IT / DIREKTION DER IT DIENSTE | Jacques Tissot | System Engineer
CONTEXT
• Full redesign of the Information System (Campus Management)
![Page 128: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/128.jpg)
WHY PILOTING ?
• PROs
• «baby-sitting» by SWITCH
• CONs / RISK
• Low maturity on both sides
![Page 129: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/129.jpg)
OUR JOURNEY WITH SWITCH (…SO FAR)
• Objectives set upfront:
• Architecture & migration strategy defined by end 2017
• 3x 2h workshop
• Unifr participants: security officer, AAI admin, AD admin, software architect
• 3x 1h technical discussion (1-to-1)
• Preparation work (AAI admin): ~10h
![Page 130: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/130.jpg)
TARGET ARCHITECTURE
• Meta Directory approach
• Centralised Provisioning approach
• Leading System approach
![Page 131: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/131.jpg)
MIGRATION / ONBOARDING APPROACHES (TBC)
• Onboarding (new students & new staff)
• Edu-ID account required on 1st access to AAI resources, after cut-off day
• Migration (existing students & staff)
• Same as above
• Current discussions
• Moodle users migration
• Ok from Direction
• Technical design and development
![Page 132: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/132.jpg)
CAMPUS MANAGEMENT
[Diagram: Unifr system landscape around Campus Management. Labels: HRAccess, EtatFR, CAS, personal data, person infos, user infos, Active Directory, OPENLDAP, Exchange, post.unifr.ch (smtp auth), sysadmin scripts, Moodle, Survey, SYMPA, www.unifr.ch, VPN, Wifi, CISCO ISE (guests), Portal, my.unifr.ch, Inscruni (Students), Acad (SAI), Indigo (Adm), Gefri (Fac), Unifr apps, SWITCH edu-id. Several systems are marked “local”; the edu-id request and the id@eduid identifier are marked with “*” and “?”.]
![Page 133: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/133.jpg)
THANK YOU FOR YOUR ATTENTION
• Contact: [email protected]
![Page 134: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/134.jpg)
© 2017 SWITCH | 28
Swiss edu-ID – UNISG Status Update Simon Frigg 29. June 2017
![Page 135: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/135.jpg)
© 2017 SWITCH | 29
Project Information
Project Goal
Base for SWITCH edu-ID is provided at UNISG
Tasks
• Define onboarding processes for students & staff
• Create tool for mapping of SWITCH edu-ID and UNISG accounts
• Store SWITCH edu-ID Identifier
• Integrate login mechanism via ADFS
Benefit
• Replacement of SWITCHaai
• Access for library users (Swiss Library Service Platform (SLSP))
• Redesign of future registration process: use of SWITCH edu-ID
• Joint Medical Master HSG & Uni ZH – possible collaboration
![Page 136: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/136.jpg)
© 2017 SWITCH | 30
Integration Scenario(s)
Best Chances: Mix between «Meta-Directory» and «Centralised Provisioning»
Reasons:
• Many independent Business Units administer their own applications with own data sets
• Within project Swiss edu-ID only base is elaborated
• Swiss edu-ID project depends on other identity management projects ongoing at UNISG (CRM, account management)
![Page 137: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/137.jpg)
Zürcher Fachhochschule
ICT – F&S
SWITCH EDU-ID
31
![Page 138: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/138.jpg)
Zürcher Fachhochschule
SWITCH edu-ID
32
• benefit for ZHAW: usability, performance, management of overlapping roles etc.
• impact on users & processes, e.g., change of user id
• coverage of the overall life-cycle with the changing roles (e.g., applicant, staff, student, alumni)
• efficiency in relation to business processes and IT-infrastructure
• realistic roadmap for transition to SWITCH edu-ID
GOALS & EXPECTATIONS
![Page 139: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/139.jpg)
Zürcher Fachhochschule
SWITCH edu-ID
33
• IDM project leader
• IT head & team leader
• security officer
• business applications
• access management
• online registration project
Others: ZHAW responsible for communication inside of ZHAW and (if necessary) involvement of additional stakeholders
PEOPLE
Nisanth Muthukirushnasamy
![Page 140: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/140.jpg)
Zürcher Fachhochschule
SWITCH edu-ID
34
Work:
• Analyse current use of SWITCHaai
• Identify impact on existing processes/systems
Effort (so far): preparation for workshops: 1 day + analysis of impact: 3 days + 2 workshops (6 people): 6 days
Challenges:
• Deeper understanding of internal IAM processes
• Identification of stakeholders
• Few adaptations on existing systems and processes
WORK & CHALLENGES
![Page 141: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/141.jpg)
Zürcher Fachhochschule
SWITCH edu-ID
35
Onboarding
1. existing users (students & staff): provisioning of edu-ID account by ZHAW for all people with SWITCHaai account
2. new students: via online registration (ONLA)
3. staff: via internal IdM with notification to edu-ID (→ new affiliation)
Offboarding (students & staff):
• Notifications (→ loss of affiliation)
Communication strategy to grant deposit of private (primary) email address before leaving ZHAW
BEST POSSIBLE INTEGRATION SCENARIO: MIXED
![Page 142: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/142.jpg)
Zürcher Fachhochschule
SWITCH edu-ID
36
1. Evaluate scenarios in detail
2. Elaborate planning for integration of SWITCH edu-ID
NEXT
![Page 143: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/143.jpg)
© 2017 SWITCH | 37
Ask & answer questions:
• What can/should be improved?
• What are the requirements?
• What does the current system look like?
• What interfaces are provided?
• How should notifications be used?
• Which services need the extended model?
• How do on- and offboarding processes work?
• Which scenario(s) would fit best?
• Who has to be informed and how?
• What has to be developed?
• Is a contract necessary?
• Who will decide?
• …
Show how to catch the worm (1)
![Page 144: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/144.jpg)
© 2017 SWITCH | 38
Generic Documentation for next planning phases: Guide with Checklists A) … B) ... C) ... D) ...
Show how to catch the worm (2)
![Page 146: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/146.jpg)
Swiss edu-ID Deployment Step 1 in 2017
[Timeline chart, January to December 2017. Labels: Project Management / Communication / Outreach; AHVN13 / Privacy and Data Protection; Uniqueness / Credential Management / Group Management; Functional Upgrade; Migration Strategy; Preparation; Individual Analysis 1; Individual Analysis 2; Consolidation; Workshops stage 1; Workshops stage 2; Individual Migration Plans; Generic Migration Strategies; Project Application.]
Swissuniversities’ funding uncertainty:
• No submission opportunity mid Aug 2017
• Future submission process under review
![Page 147: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/147.jpg)
Swiss edu-ID Deployment 2017 - 2020
[Roadmap chart. Labels: Swiss edu-ID Operation & Supporting Measures; Strategy; Strategy Series A to C; Functional Upgrade 1 to 4; Project Application; Deployment Step 1 to 4; Migration Series A to D; Extension Phase II.]
![Page 148: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/148.jpg)
Swiss edu-ID Deployment 2017 - 2020
[Same roadmap chart and labels as on the preceding slide, with a “?” added.]
![Page 149: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/149.jpg)
© 2017 SWITCH | 5
Position of SWITCH:
• SWITCH is committed to continue along this roadmap (backed by strategy)
• SWITCH will recruit candidates for “Depl. Step 2” until end of Aug 2017 – Kick-Off for recruitment today at the edu-ID Update Event
How to continue ?
BFH ? UNIBE ? PHBern ? ETHZ ? UZH ? UNILU ? HSLU ? USI ? UNIBAS ?
![Page 150: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/150.jpg)
© 2017 SWITCH | 6
• Migration support (account linking etc.)
• Notification handling (SCIM, processes etc.)
• OIDC – Provider (result of exchange with mobile app project)
• Eduroam integration (planned piloting)
• Interfederation
• De-duplication process for end-users (user-interface)
• Monitoring for end-users
• …
Functional Upgrades – 2018 wishlist
![Page 151: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/151.jpg)
© 2017 SWITCH | 7
• Continue migration planning with universities
• Migrate first organisation: SWITCH
• Recruit candidates for Deployment Step 2
• Plan Deployment Step 2 in detail
• Provide generic documentation and assist universities with their individual integration plans
• Add technical components for preferred integration scenarios
• Implement additional functionalities a) as planned & b) new customer requirements
Next Steps
![Page 152: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/152.jpg)
© 2017 SWITCH | 8
Everything that’s necessary to reach the finish line together !
SWITCH edu-ID
University
University
![Page 153: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/153.jpg)
© 2017 SWITCH | 1
Christoph Graf [email protected]
Deployment Step 1 – Intermediate Conclusions SWITCH edu-ID Info Day 2017
29 June 2017, Berne
![Page 154: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/154.jpg)
© 2017 SWITCH | 2
The early birds …
1. Work on their migration strategy
2. Show other birds how to “catch the worm”
EPFL, FHNW, UniFR, UniGE, Unil, UniSG, ZHAW
![Page 155: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/155.jpg)
© 2017 SWITCH | 3
The “Meta-Directory” approach
[Diagram: user data flow. Lanes: IT Services, Business Units, SWITCH. Components: business units (HR, Student admin, Cont. Educ., ??) with their management systems (employee, student, cont. educ., “all others”); “Meta” DB; AAI IdP; edu-ID IdM; edu-ID IdP.]
![Page 156: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/156.jpg)
© 2017 SWITCH | 4
The “Centralised provisioning” approach
[Diagram: user data flow. Lanes: IT Services, Business Units, SWITCH. Components: business units (HR, Student admin, Cont. Educ., ??) with their management systems (employee, student, cont. educ., “all others”); provisioning engine; “Meta” DB; AAI IdP; edu-ID IdM; edu-ID IdP.]
![Page 157: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/157.jpg)
© 2017 SWITCH | 5
The “Leading System” approach
[Diagram: user data flow. Lanes: IT Services, Business Units, SWITCH. Components: business units (HR, Student admin, Cont. Educ.) with their management systems (employee, student, cont. educ.); leading system (IAM system); provisioning engine; AAI IdP; edu-ID IdM; edu-ID IdP.]
![Page 158: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/158.jpg)
© 2017 SWITCH | 6
Supporting processes: “Meta-Directory”
[Diagram: supporting processes and challenges. Lanes: IT Services, Business Units, SWITCH. Components: business units (HR, Student admin, Cont. Educ., ??) with their management systems (employee, student, cont. educ., “all others”); “Meta” DB; business apps (e.g. finance, communication); edu-ID IdM (marked “??”).]
![Page 159: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/159.jpg)
© 2017 SWITCH | 7
Supporting processes: “Centralised provisioning”
[Diagram: supporting processes and challenges. Lanes: IT Services, Business Units, SWITCH. Components: business units (HR, Student admin, Cont. Educ., ??) with their management systems (employee, student, cont. educ., “all others”); provisioning engine; “Meta” DB; business apps (e.g. finance, communication); edu-ID IdM (marked “??”).]
![Page 160: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/160.jpg)
© 2017 SWITCH | 8
Supporting processes: “Leading system”
[Diagram: supporting processes and challenges. Lanes: IT Services, Business Units, SWITCH. Components: business units (HR, Student admin, Cont. Educ.) with their management systems (employee, student, cont. educ.); leading system; provisioning engine; business apps (e.g. finance, communication); edu-ID IdM.]
![Page 161: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/161.jpg)
© 2017 SWITCH | 9
Generic adoption scenarios
Meta-Directory | Provisioning System | Leading System
• Proposed adoption scenarios adapted to identity management maturity
• Does not replace individual adaptation and planning efforts
> Generic adoption approach A1
> Generic adoption approach B1
> Generic adoption approach C1
> Generic adoption approach A2
> Generic adoption approach B2
> Generic adoption approach C2
![Page 162: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/162.jpg)
© 2017 SWITCH | 10
Identity Management Evolution
Meta-Directory:
> Decentralised user management
> Basic support to business applications
> Crisscross processes between business applications and leading systems
> Role-scoped user management
> Limited benefit of new SWITCH edu-ID features
Provisioning System:
> Decentralised user management
> Single point of contact to business applications
> Streamlined processes between business applications and provisioning system
> Role-scoped user management
> Limited benefit of new SWITCH edu-ID features
Leading System:
> Centralised core user management
> Single point of contact to business applications
> Streamlined processes between business applications and provisioning system
> User-centric user management
> Full benefit of new SWITCH edu-ID features
• Improved agility and support for business applications
• Stronger role of the IT department as integration orchestrator
![Page 163: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/163.jpg)
© 2017 SWITCH | 11
And an element of future-proof-ness
[Diagram: SWITCH edu-ID surrounded by migrated universities and by connected services and initiatives. Labels: MFA, National licenses, SWITCH drive, CH/EU eID, Mobile/non-web, LoA, SwissID, Educa.ch, SLSP/Libraries, SWITCH engines. Year markers from 2016 to 2019. Notes: Federal consultation; Informal contacts with Swiss post; Informal contacts with educa.ch.]
More: https://www.switch.ch/edu-id/
![Page 164: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/164.jpg)
© 2017 SWITCH | 12
Blog: identityblog.switch.ch
Service: eduid.ch
Website: switch.ch/edu-id
Stories: switch.ch/stories/
Event: Workshops 2017
ICT Focus 27./28.11.
![Page 165: SWITCH edu-ID for Beginners...• Swiss edu-ID mobile app Coffee break (14:30 – 14:55) First results from migration strategy planning • Most promising integration scenarios •](https://reader033.vdocuments.mx/reader033/viewer/2022052611/5f088f7d7e708231d4229dca/html5/thumbnails/165.jpg)
© 2017 SWITCH | 13
www.switch.ch/30years
SWITCH – an integral part of the Swiss academic community since 1987.