Frequently Asked Questions
for Organisations and Service Providers
FAQs for end users can be found here.
- What are the use cases for the Swiss edu-ID?
- What is the architecture of the Swiss edu-ID?
- For how long must an institution keep identities?
- In which cases will the Swiss edu-ID identifier be given to services?
- Who can set attribute values?
- Does the attribute model support multiple home/office addresses?
- Are local institutional attributes stored in the central IdP?
- Will the central IdP notify institutions when core attributes have changed?
- Can anyone create a Swiss edu-ID?
- How can a service get high quality attributes?
- How can duplicate identities be avoided?
- What happens if a person overwrites a verified attribute?
- How is the current or historical membership status of a person represented?
- Can the Swiss edu-ID password be the same as the one locally used?
- Is two-factor authentication supported?
Legal and Data Protection Questions
- Who is owner of a Swiss edu-ID account?
- Who is the owner of attributes?
- How long are a Swiss edu-ID and its attributes stored?
- Can a Swiss edu-ID account be deleted?
- Why should identity data be transferred to the central IdP once a user leaves an institution?
- How are data protection principles applied in Swiss edu-ID?
- What data protection law is applicable?
- Who is liable for any damage caused by the use of Swiss edu-ID?
- We all have a Twitter ID / Facebook ID / Google ID ... - why do we need the Swiss edu-ID?
- Why does the Swiss edu-ID not rely on a internationally accepted identifier or identity?
- What are the use cases for ORCID in Swiss edu-ID?
- Does a member of a foreign higher education institution need to get a Swiss edu-ID?
- Can the Swiss edu-ID be used to access eduGAIN services?
What are the use cases for the Swiss edu-ID?
The Swiss edu-ID is an extension of SWITCHaai and covers all its use cases. In addition to that, with the Swiss edu-ID universities
- can handle students, lecturers and researchers who are members of more than one university
- have lower costs and entrance barriers with the registration of students
- can better handle guests, alumni, temporary service providers or further education students and offer them services or grant access to internal resources
Persons with a Swiss edu-ID have the benefit to need only one identity for all higher education services, and to be able to keep and re-use it after having left the university.
What is the architecture of the Swiss edu-ID?
The technical architecture of the Swiss edu-ID is based on a hub and spoke model with centralized login. Its key characteristics are:
- A person has a single account to access to all services
- Attributes about a person are delivered by
- institutions where the person is affiliated with as student, researcher, guest etc. (institutional attributes)
- the central Swiss edu-ID identity provider (core attributes)
- A person keeps the account, the identity and the personal identifier forever
For how long must an institution keep identities?
With Swiss edu-ID personal attribute information is distributed over all institutions with whom a person ever had a relation. If an institution decides not to release attribute information about a person anymore (e.g. because he/she has left the institution), then the information will also be missing in the Swiss edu-ID. Depending on the particular case, this may be wanted or unwanted by the person.
Typically, an institution like a university keeps identities as long as it has a legal obligation or another strong reason to do so. In most cases, universities will release attribute information about a person only for the duration of his/her affiliation.
If there is a requirement for historical attributes that institutions are unable to provide, an attribute archive service might be added in the future. With such a service, a person could actively transfer some institutional attributes to an archive of the central IdP before they become unavailable.
In which cases will the Swiss edu-ID identifier be given to services?
The personal Swiss edu-ID identifier is a precious piece of information. With the identifier, cooperating services could create advanced user profiles. Therefore the Swiss federal act on data protection prohibits the extensive use of unique identifiers.
An analysis of the use cases for the Swiss edu-ID revealed that the large majority of cases do no require its identifier - even though some developers believe so. Mostly, targeted identifiers that are unique but differ for each service are sufficient. However, if there remain services with a reasonable and irreplaceable requirement for the identifier, they will be granted access.
Who can set attribute values?
This question is related to "Who is the owner of attributes". Attributes can be divided into two classes: institutional attributes delivered by attribute authorities and core attributes that are independent of an institutional membership.
As a rule of thumb: institutional attributes can't be set by a person whereas core attributes are under the person's control.
Does the attribute model support multiple home/office addresses?
The Swiss edu-ID attribute model is currently under construction. So a definite answer is not possible yet.
The most common case is, that a person has one private address, and either no, one or more office addresses. A pragmatic approach would be to let the person manage his/her private address in the core attributes. The office addresses could be provided by two sources: 1) the institutional attribute authorities where the person has an office and 2) manually provided by the person for offices outside the SWITCH community.
Are local institutional attributes stored in the central IdP?
No, in most cases not. The authoritative source for institutional attributes are the attribute authorities, operated by the institutions.
Will the central IdP notify institutions when core attributes have changed?
The scenario is that a person changes the private email address or gets married and has a new name. The person makes the update in the Swiss edu-ID profile and all institutions who have that person in their records whoud be notified of such changes. This may indeed be desirable for a person (who wants to change personal core data only at one place) and institutions (who always want to have up to date personal information of their members).
A notification system can be set up if it is required by institutions, accepted by persons and legally possible.
Can anyone create a Swiss edu-ID?
The short answer is yes.
Because the short answer may be surprising some people, there is also a long answer: The Swiss edu-ID is supposed to cover a broad spectrum of use cases with e-identities ranging from "quickly created, low entrance barrier" to "comprehensive user profile, reliable attributes". It is necessary, that a person must be able to get a Swiss edu-ID quickly, with self-declared attribute information and without imposing costs. Such attributes will be tagged as self-declared and are sufficient for some services. If other services require higher attribute quality e.g. for name, birthdate or home address, a person can have attributes verified.
How can a service get high quality attributes?
Attributes of a person are tagged with their quality level (self-declared or verified). Services decide, what attributes they need and what their required quality level is. If it gets attributes at an insufficient quality level, the service may send the person through a verification process. These may be internal verification processes of the service itself or external processes provided by a third party.
An alternative to raise the quality of some attributes is to link a Swiss edu-ID to another e-identity (e.g. SWITCHaai or SuisseID) that already has verified attributes.
How can duplicate identities be avoided?
Identities without duplicates is indeed a requirement that many services have.
A Swiss edu-ID requires at least a name and an email address. The email address is verified and can only be used in one user profile. This helps to avoid unintended duplicates but still allows users to create multiple Swiss edu-ID identities.
This issue can be tackled in two ways. First: The Swiss edu-ID and services using it should be designed in a way that a user has no benefit from duplicate identities. Second: very much like attribute quality, the overall identity can be tagged if it was checked against duplicates. Services then have the means to accept only duplicate-checked identities.
Finally: for persons who unintentionally have more than one Swiss edu-ID it should be made very easy to merge multiple identities into one single identity.
What happens if a person overwrites a verified attribute?
As stated above, only core attributes are under the person's control. Overwriting a verified attribute with a new value means that the associated quality tag falls back from verified to self-declared. A re-verification of that particular attribute would be necessary to raise the quality again.
As verification processes are costly, a user should be warned if she/he attempts to overwrite or delete verified attributes.
How is the current or historical membership status of a person represented?
This question is currently under discussion in the working group Processes II. It has not been decided yet, what historical attributes should be represented, and whether they should be stored centrally in the core attributes of the Swiss edu-ID or decentrally with the institutions.
Can the Swiss edu-ID password be the same as the one locally used?
In practice, however, persons can only choose a password that complies with the institution's password policy. The issue is that institutions do have different, and sometimes even mutually exclusive password policies. It is an open question if institutions are willing to harmonize their password policies in the long run.
Is two-factor authentication supported?
Legal and Data Protection Questions
Who is owner of a Swiss edu-ID account?
Who is the owner of attributes?
It's not really a question about "ownership" but about the right to process personal data and the right to a say of the user.
Universities have the right to handle data of their members for the reasons regulated by law.
How long are a Swiss edu-ID and its attributes stored?
A Swiss edu-ID is intended to be available on a lifetime basis but for purposes of personal privacy, attributes no longer in use should not be retained forever. The holder of an unused Swiss edu-ID must be asked at regular intervals – for instance, every five years – whether his data should continue to be retained or whether they should be deleted.
Further, attributes under the control of institutions may be stored at the institution itself if a user’s Swiss edu-ID account is deleted, since a University could be held by law to store some of the user’s personal data (e.g. certificates) - but in such cases the personal data is not (or no longer) part of the Swiss edu-ID.
Can a Swiss edu-ID account be deleted?
Nevertheless, in the future and if an institution decides that a Swiss edu-ID is mandatory to use its services it might be possible to delete an account only once a person is no longer affiliated with a Higher Education Institution.
Why should identity data be transferred to the central IdP once a user leaves an institution?
Universities as public institutions must justify all processing of personal data by means of a legal basis. If the processing purpose - here the continued use of the Swiss edu-ID by the user - is not recognised or not covered by a legal basis, the Universities are usually not allowed to carry on processing the data in question.
Hence, in order for attributes to be further used after a user has left an institution, they must be transferred to the central IdP at SWITCH. This will only be done if a user agrees that SWITCH takes over the role as data processor for him/her and for attributes that the institution is ready to transfer.
How are data protection principles applied in Swiss edu-ID?
- Legality: by implementing Swiss edu-ID based on applicable law
- of the account and stored attributes: by a user interface for account view
- of released attributes: by user-consent or by institutional information for the user if his/her data is transferred in the background (e.g. for administrative purpose)
- of attributes: by allowing only required attributes and such limited to the purposes of the Swiss edu-ID
- of attribute release: by implementing controls for required attributes and for attribute release by the IdP
- Purpose binding: by processing personal data by SWITCH only for the purpose of Swiss edu-ID operation
- Data accuracy: by involving the user and by providing processes and rules to increase and verify data quality
- Disclosure of data abroad: by a Code of Conduct for Service Providers and if necessary by additional user-consent for data transmission
- Security: by applying adequate rules (restrictive access) and by using state of the art technology to protect user data (storage and transfer) and system integrity
Contracts with Service Providers grant that they too adhere to data protection principles.
What data protection law is applicable?
If the data is used by a University like for simplification of administrative processes then it’s the University who decides about the processing purpose and usually cantonal rules are applicable.
If the data is used for private purpose of the user, e.g., buying a product that is discounted for students, then it is the user who decides on how his or her data is processed and thus the Swiss Federal Data Protection Act is applicable.
Who is liable for any damage caused by the use of Swiss edu-ID?
If a user’s identity is misused it’s usually the user since it is assumed that the user has failed to protect his or her access details sufficiently, thus allowing a third party to gain access to the Swiss edu-ID.
The case is different if the misuse of the identity can be blamed on a security issue on the part of the service operator. In this case, liability is most likely to be placed with the service operator.
If a user’s access to a resource is given (or refused) because the information (attributes) used to verify the authorisation proves to have been wrong, the Code of Obligations is applicable (as long as no binding Levels of Assurance are implemented and agreed):
- The user is liable to third parties for the use of the Swiss edu-ID with attributes they have supplied or verified themselves.
- Institutions (Attribute Authorities) are liable towards SWITCH for the correctness of the attribute values they supply.
- SWITCH is liable to third parties for attributes from verified sources (currently AAI) and attributes generated by SWITCH itself.
Where one party relies on attributes supplied by another (e.g. SWITCH relies on attributes provided by the institution or vice versa), it might be liable towards third parties as mentioned above ("external" liability) while having the possibility of recourse against its contractual partner having supplied it with the incorrect attribute ("internal" liability). These issues will have to be dealt with accordingly in the contracts between the parties to the Swiss edu-ID.
How is the Swiss edu-ID financed?
The same way as SWITCHaai is funded for students, researchers and university staff, namely with membership fees from the institutions. Services that take advantage of the extended functionalities of the Swiss edu-ID will be additionally charged.
What are the costs for the owner of a Swiss edu-ID?
Every person can create and use one Swiss edu-ID at no costs.
We all have a Twitter ID / Facebook ID / Google ID ... - why do we need the Swiss edu-ID?
First, by far not every person has even one of the aforementioned social identities, and many persons have strong reservations against the companies and the business models behind them. Second, social identities and in particular their attribute models are not well suited to the requirements of higher education institutions. And finally, companies tend to stop, change or charge for their services without warning. It would be too risky for a very long-term service like the Swiss edu-ID to rely on an identity without having any influence on it's business strategy.
However, it is still conceivable to allow linking social or other ephemeral identities to the Swiss edu-ID, allowing persons to use Swiss higher education services with a social identity login.
Why does the Swiss edu-ID not rely on a internationally accepted identifier or identity?
The identifier itself has not a big use - except maybe for deduplication. It could be used for account merging if the identifier is already in use by institutions. We have considered a couple of existing identifiers (AHVN13, ORCID, ISNI, VIAF ID, ID Card etc.). They all could not be used due to legal or policy restrictions, or because they are unable to cover the entire target audience of the Swiss edu-ID.
What are the use cases for ORCID in Swiss edu-ID?
ORCID is a very recent initiative and has so far partially been taken up by the Swiss higher education community. A person can link her/his ORCID to the Swiss edu-ID in a secure way, and make that information available to Swiss edu-ID enabled services. This could be used in environments to submit publications, request for fundings, research quality control, or measurement of research output.
Does a member of a foreign higher education institution need to get a Swiss edu-ID?
Ideally, a foreign university member has a local identity from her/his home-university, which can be used to log-in to Swiss higher education services via eduGAIN. If this is not possible, foreign persons can create a Swiss edu-ID without limitations.
Can the Swiss edu-ID be used to access eduGAIN services?
Currently not, but it is planned for the future.