Chairs: Robert Ott, Niels van Dijk, Gert De Braekeleer

Supported by: Licia Florio, Michelle Williams

Monday 19th September 2022, 14:00-16:00 CET

https://events.geant.org/event/1130/ 

AGENDA 

14:00-14:05

Welcome


NOTES

14:05-14:35

Klaas provided an update on the latest round of EC calls on EU ID wallets and the like.

EBSI (the ledger infrastructure supported by the EU member states) is still growing, but it needs to mature further before it can be used at scale. eIDAS uptake is growing, but it is very much driven by the member states; the R&E community cannot influence its deployment and can only enable authentication via eGov/eIDAS IDs for those users who have them.

The EC is promoting the wallet paradigm, to empower users to be in control.
Two main uses have been identified: diploma and social security. For these there will be funding for large-scale pilots (that is, with at least 5 member states).

The diploma use-case has been on the agenda for some time. The original use-case was linked to Erasmus+, the student exchange programme. There has been significant effort in the past 20 years, which resulted in a production infrastructure (Erasmus Without Paper, EWP). In the last 10 years, additional funding has been made available by the European Commission to digitalise the underlying infrastructure for Erasmus+.

The diploma use-case encompasses both Erasmus+ and the exchange of diplomas, micro-credentials, etc.

The European Commission opened five calls, two of which are of interest to the NRENs: one about EBSI and the other about eIDAS and wallets. GEANT participates in the EBSI proposal as an associated partner and in the wallet call (Digital Credentials for Europe, DC4EU) as a beneficiary. The proposals were submitted in July; the evaluation results are expected in November.

Paco noted that the tension between the eGov-driven and the education-driven IDs is smaller than in the past. The biggest challenge now is the aggregation of personal information, such as the identity, the diplomas, and other roles users may have in other environments (the expectation was that eIDAS would solve this, but that is not the case), so particularly for the diploma case the universities may play a bigger role than in the past.

14:35-15:00

Niels provided an overview of Microsoft Entra, the new capability that recently entered into production as part of Azure. Entra is a verifiable credential Expert Issuance and Verifier sample.
For more info on MS Entra: https://www.microsoft.com/en-us/security/business/microsoft-entra

In NL, about 80% of the universities use Azure to connect to the SURF federation. Many institutions ask how to integrate verifiable credentials with their federated access.
 
Q: Was the ID-token flow tested with OIDC?
A: The flow was tested with SURFconext, which also has an OIDC endpoint, but SURFconext only accepts https and not URN (which is what the OIDC OP uses).

It is worth noting that in this solution the wallet does not communicate directly with the ledger; all the communication goes via Azure. This raises the question of whether this can still be considered an SSI solution. It is not clear if one can independently validate transactions against the ION ledger.

Niels pointed out two features that would assert "studentness".

It is also important to note that in this implementation there is no selective release of credentials by users; the only way would be to create a new card with less information, which is not very desirable. There are no schemas in this ecosystem, so how does the verifier know what to request from the issuer? Microsoft built a service where, for any given issuer, the verifier can see what credentials they support. The issuer cannot bind a set of credentials to a verifier.

Lastly, both the issuers and the verifier must have an Azure instance.

Future meetings:

AGENDA TBC

Not enough people in the room to validate the proposed date. An email will follow.
Post event survey: https://events.geant.org/event/1130/manage/surveys/

Meeting recording:  

Attending:

