If digital teaching aids are increasingly used in class, pupils and teachers need an electronic identity in order to be able to use applications and platforms securely. This is increasingly becoming a critical success factor for schools. From the cantons’ point of view, national developments and cantonal requirements must be reconciled. In a research project of the Digital Society Centre, the situation for the Canton of Bern was analysed. The digital transformation of the school also includes the increased use of digital content and applications. If the issue of access and use of user data is not systematically resolved, numerous offers can no longer be used in practice and the data cannot be adequately protected. The education directors of the cantons have countered this negative scenario with the FIDES project, which aims to develop a federation of educational identities. This will create a national solution that will allow access to many offers with a cantonal or local education ID. The concept of federation requires that cantonal education IDs exist, because FIDES explicitly excludes the creation of a national education ID. With the federation, it only wants to enable a network for the existing identities.

What the Education ID should be able to do

In this initial situation, the Education Department of the Canton of Bern commissioned a team of researchers from the Digital Society Centre to clarify the initial situation in the Canton of Bern. The project documented the requirements and the existing infrastructure, developed a solution concept and interviewed the stakeholders. The aim of the study was to make recommendations on how to proceed and thus provide a building block for the digital transformation of the school. It was assumed that an education ID contains two central aspects and functionalities:

An education ID is a unique identifier in the form of a number that is linked to a person for the entire educational career of the learner or through the entire professional career as a teacher in the schools of the Canton of Bern. Further data can be linked to this number.
An access key (e.g. in the form of a user name and password) is linked to this education ID, which allows the person to confirm their identity to different services and thus gain access to different services in the education sector.

School leaders and stakeholders want an easy way:

for access,
to manage licences, and
to effectively protect the data of teachers and students.

Thus, the timing is right for the realisation of a solution. The biggest concerns about an Education ID relate to the protection of personal data, in particular to prevent “the glass teacher”. School publishers and providers of school administration solutions prefer a national solution so as not to have to integrate individual cantonal solutions.

Heterogeneous starting position

The initial situation differs in the various school levels with regard to the maturity of the existing infrastructure: grammar schools and vocational schools almost all use a uniform school administration solution operated by the canton, which can serve as the data basis for an Education ID. In primary schools, on the other hand, the tools used vary greatly: while many schools use a school administration solution from the three market leaders in Switzerland, Scolaris, iCampus and Lehreroffice, Excel, Access and Filemaker are used – roughly estimated – in a third of schools. These solutions based on Office tools do not allow for simple automated data matching and thus pose high hurdles for the creation of an Education ID. In the solution design, a decentralised solution based on the administration of the data and the provisioning of an ID by the schools was preferred for two reasons:

The data should continue to be managed in the schools in order to be able to guarantee that the data is up-to-date.
Decentralised data storage avoids a large database, which brings further costs and risks of attack.

The proposed implementation requires three elements:

In the individual schools, the existing school administration solution is to be expanded so that the identity information can be used as electronically confirmable attributes. This means that the individual schools need a school administration solution with an additional element that also functions as an identity provider.
To avoid duplicate educational identities being issued, a central database will be created that lists a data-carrying institution for each educational ID.
As a central element, an intermediary instance is created, called a hub or broker, which forwards confirmation requests from authorised applications to the data-carrying schools and forwards confirmations back to the applications. This central element can be used to control which applications are authorised to receive the corresponding identity information.

Thanks to data sparseness, it can be achieved that a publishing platform only learns the number, role and any necessary membership of a class, unless further details are necessary.

Hub function in the future

In the course of the project, the interaction with the national infrastructures was also discussed. It is clear that the hub functionality will one day be provided by the FIDES infrastructure and thus also the organisation of the authorisations to receive confirmed attributes. Furthermore, it can currently be assumed that the register functionality will also be provided at national level. The piloting of the national solution is currently underway and shows how the solution works. For the canton of Bern, the study shows that the national developments should be closely monitored to ensure that a functioning solution is built that meets the needs of the canton. Furthermore, the canton should examine options on how school communities can be supported in switching to a school administration solution that enables the automatic exchange of data. This will make it easier to ensure that all pupils and teachers in primary school and secondary and vocational schools can use an education ID and thus have simple and secure access to different digital applications and content in the future.

You can find the report on the project under Research Reports and Studies here.

Digital identities are with us every day. The technical possibilities are very diverse. How can digital identities enable secure identification for eGovernment and eHealth on the one hand and guarantee privacy protection on the other? Digital identities enable access to the digital society. They represent persons, organisations and objects in the digital world and are used in more and more areas of life. Each of us thus has – consciously or unconsciously – digital representations of our person for various purposes. Be it the Cumulus card from Migros, the SwissPass from the SBB or the SIM card in a mobile device, all these digital identities accompany us every day. Digital identities are very diverse. From a technical point of view, the spectrum ranges from user name/password combinations and smart cards to biometric means of identification and hardware-based certificates such as SuisseID. What characteristics should a digital identity have? A digital identity should be useful. It is a tool to be able to perform certain functionalities in the digital world. For example, with a digital identity you can prove who you are and thus use certain online services. You can digitally sign documents or data – analogous to a handwritten signature. With other, more passive identities, you can collect benefits from bonus programmes or use other real-world services, such as public transport. For some applications in the digital world, such as eGovernment, you have to be sure who is behind a digital identity. Identities, such as SuisseID, can be used as a digital ID. To do this, the identities used must be secure and trustworthy. With an identity based on a SuisseID, you can be 100% sure that you are dealing with the corresponding person. Trust in SuisseID is based on the one hand on a certified registration process, where you have to be present in person, and on the other hand on the security of the technologies used. For example, a hardware token, the SuisseID stick, prevents the SuisseID identity from being stolen. Only those who have the stick and the matching PIN can use the SuisseID. This is referred to as 2-factor authentication. A state-recognised electronic identity enjoys the highest level of trust. Here, the state assumes responsibility for registration, which is usually linked to the application for an identity document, for example an identity card or passport. But the high level of trust and security of a digital identity comes at a price: higher costs as well as complicated handling and an elaborate registration process. This usually results in poor user acceptance. Therefore, user-friendliness should always be weighed against security requirements when using digital identities. For example, a high level of security can be dispensed with for an online subscription to a daily newspaper, as the potential for damage is low. Privacy must be protected The data collection frenzy of some service providers on the Internet and various hacker attacks on customer data in recent months have strengthened the desire to protect privacy and anonymity. Particularly as it is now very difficult, and in some cases almost impossible, to remove data from the digital world once it has been disclosed. A good digital identity therefore also makes it possible to move anonymously or pseudonymously in the digital world. With these methods, the true identity of a person is hidden and only the characteristics that are essential for the use of a service, such as age, are revealed. This makes it possible to control access to inappropriate content for minors without knowing their name or gender. The disclosure of the identity (or parts of it) or the preservation of anonymity thus remains a decision of the person himself. A digital identity is not enough The various possible properties of digital identities make it clear that several identities are needed for the different areas of application. In eGovernment and also in eHealth, it is important to identify citizens and patients unambiguously in order to avoid confusion. Only a state-recognised digital identity or identities at a similarly high level of trust, such as SuisseID or the planned insurance card, which also has a unique identifier, make this possible. In other areas, where the potential for damage is lower, one can also use simpler electronic identities, such as those provided by Google or Facebook. These free identities are mostly based on self-registration with email or SMS confirmation. The personal attributes provided are mostly self-declared. Here, users and server providers alike should be aware of the dangers and risks.

Tag Archive for: Digitale Identität

The Education ID as the basis for the digital school

What the Education ID should be able to do

Heterogeneous starting position

Hub function in the future

Related Posts

Useful and secure digital identities for all areas of life and their properties

Related Posts

Subscribe to RSS

Contact

Newsletter