Introduction
We refer to "our" ecosystem as the research and education sector globally. We are seeing our ecosystem interconnected with many other such ecosystems taking part in a network of ecosystems interacting on principles of distributed identities.
Our primary stakeholders are universities, NRENs, research institutes, libraries...
In scope are also use cases crossing multiple ecosystems, where only "one end" is with "our" ecosystem.
The use cases at hand can roughly be classified as follows:
- individuals as bearers of credentials:
- presenting learning and education outcomes such as diploma, transcript of records, microcredentials or badges in order to support use case such as access to other education experiences (including mobility or at alliance partners), applying for jobs or getting registered into (or staying in) professional registers.
- presenting attestations of organisational affiliations and roles such as student, staff, alumni or org. units in order to get access to restricted resources such as buildings, libraries (including subscriptions and licensed content), discounted offers or acting on behalf of the issuing organisation.
- organisations as bearers of credentials:
- embedding attestations such as (national) accreditations, scorings, listings or compliance attestations in credentials issued to individuals in order to improve the value of the attestation to bearers or to enable them to act on their behalf.
Transformative aspects
- Digital transformation of presenting learning and education outcomes:
- current: such documents are usually presented on paper - often with security elements - or as scans - where those security elements get lost. Verification of such documents involves human interaction, is quite costly and is only performed in case of suspected misuse. Some verification services exist, such as Switch Verify, but they are not standards based, offer differing sets of functionalities and did not reach substantial market coverage.
- transformed: such documents get offered as structured data in machine readable format with security elements to protect integrity, authenticity and trust. Verification can be automated, becomes cheap and can easily be performed on all documents presented that way.
- impact:
Efficiency: Moving from paper-based or scanned documents to structured data in machine-readable formats would greatly enhance efficiency. Automation of verification processes would reduce the need for human intervention, thereby saving time and resources. Institutions would be able to handle a larger volume of documents with greater speed and accuracy.
Cost Reduction: Automation of verification processes would lead to cost reduction. Institutions would no longer need to allocate significant resources to manually verify documents. Additionally, the costs associated with paper-based documentation (printing, storage, etc.) would decrease.
Accuracy & Reliability: Machine-readable formats with embedded security elements would enhance the accuracy and reliability of educational documents. The risk of tampering or forgery would be significantly reduced, increasing trust in the authenticity of the presented documents.
Accessibility & Global Reach: The adoption of standards for presenting educational documents in machine-readable formats would promote consistency and interoperability across institutions and systems. This standardisation would streamline processes and enhance collaboration within the education sector. Digital transformation would enable educational documents to be easily verified across borders, eliminating geographical barriers. This would facilitate international mobility and recognition of qualifications, promoting global collaboration and exchange in the education sector
- Scope of identity services of our community:
- current: existing identity services such as eduGAIN are used for online access to resources, but not directly for presentation of documents. Therefore, such services are only relevant to services being accessed by users.
- transformed: Emerging new identity services of our community extend beyond online resource access to include the secure presentation of documents, broadening their utility and scope.
- impact: a potentially much larger number of services - called verifier - potentially coming from a wider range of sectors outside of our own research and education sector will rely on our emerging identity services. To enable trust in our emerging services and the players in our own sector, we can no longer rely on implicit trust in our sector, but have to make it explicit to other parties. This might include elements like certifications, practice statements and sector governance.
Opportunities
- Our identity services will be offering added value to end users by extending reach and functionality.
- By tapping into the emerging solution environment "wallet ecosystem", we might no longer need to perform certain tasks on our own.
Risks
- Co-existence of "Old" and "New" Systems: The transition to the expanded identity services might not occur smoothly, leading to a prolonged co-existence of traditional methods alongside the new ones. This could result in increased complexity and maintenance efforts for our sector.
- Failure to Extend Identity Services: If our community fails to successfully expand our identity services to encompass document presentation, it may create a gap that other market solutions succeed to fill. These alternative solutions might not be tailored to the specific needs of the research and education sector, potentially offering less functionality and security to end-users.
- Ineffective Marketing of Extended Identity Services: Despite the technological advancements, our community might struggle to effectively market the benefits and capabilities of the extended identity services to relevant stakeholders. If the benefits and capabilities of the extended identity services are not adequately communicated, other parties may perceive them as less trustworthy or less suitable for their needs. This lack of trust could prevent broader adoption of the services and hinder collaboration between the research and education sector and other sectors, ultimately impeding the overall success of the initiative.
- Resistance to Change: Resistance to change from stakeholders within the research and education sector, such as institutions, administrators, or users, could impede the successful implementation and adoption of extended identity services. Resistance may stem from factors such as inertia or fear of technology, requiring effective change management strategies to overcome.
- Interoperability Challenges: Ensuring interoperability with existing systems and standards, both within the research and education sector and with external stakeholders, is crucial for the successful integration and adoption of extended identity services. Incompatibilities or difficulties in integration could hinder seamless operation and collaboration across different platforms and organisations.
Challenges in Coping with Paper Stability: The transition from traditional paper-based issuance and verification processes to digital identity services may pose challenges in maintaining the stability and reliability that paper documents offer. Paper documents have a long-standing reputation for stability and longevity, and replicating this stability in digital formats, particularly in terms of issuance and verification, may be difficult. Ensuring the durability and longevity of digital identity records while maintaining their integrity and authenticity over time is crucial to overcome this challenge.
Usability Concerns and Silos: Providing a user-friendly experience is essential for the adoption and success of identity services. However, the complexity of integrating various systems and platforms within the research and education sector may result in fragmented solutions or "silos," which can negatively impact usability. Inefficient or disjointed user experiences across different platforms or services can lead to frustration and reluctance among users to adopt the identity services. Addressing usability concerns and breaking down silos through cohesive design and integration efforts is necessary to enhance user acceptance and engagement.
Engagements
- Initiatives and projects with global scope:
- OWF (Open Wallet Foundation)
- EU-Level initiatives and projects:
- LSP (Large Scale Pilots) DC4EU
- EBSI EA Wave 3
- National initiatives and projects:
- Germany: IDunion
- Switzerland: DIDAS, E-ID participation meetings
Recommendations
Recommendations for GÉANT, NRENs, and their respective communities, including research institutions, libraries, and others:
Engagement in Standardisation Bodies: Actively participate in relevant standardisation bodies such as IETF, W3C, OpenID Foundation (e.g. Digital Credentials Protocols (DCP) Working Group). By engaging in standardisation efforts, GEANT, NRENs, and their communities can contribute to the development of interoperable and standardised protocols and specifications for identity services, ensuring compatibility and consistency across different systems and platforms.
Preventing Silos: Foster collaboration and interoperability among different stakeholders within the research and education sector to prevent the emergence of silos. Encourage the adoption of open standards and APIs to facilitate seamless integration and data exchange between various systems and services. Promote initiatives that encourage information sharing and collaboration across organisational boundaries and borders.
Addressing User Friendliness: Prioritise UX design and usability testing in the development of identity services and related applications. Conduct user research to understand the needs and preferences of different user groups within the research and education community. Invest in intuitive interfaces, clear documentation, and user-friendly workflows to enhance adoption and satisfaction among end-users.
Collaboration: Collaborate with other organisations and initiatives working on identity and authentication solutions, such as ...
- Establish ecosystem trust anchors: Develop and establish operational standards including baseline expectations covering dimensions such as security, availability and data protection. Ensure appropriate governance to enforce these operational standards for all ecosystem stakeholders.