Trust and Internet Identity Meeting Europe
2013 - 2020: Workshops and Unconference

European Student Identifier

(Christos Kanellopoulos)

myadacemicID, part of EU student initiative, enable student mobility for all EU students by 2022 student mobility process will be fully digitalized, students will be able to participate in Erasmus without doing all paperwork.

Tools exist to follow this process and have the student be part of student mobility. From local org of students, contacting the remote institution, approving the user/student. One of the key requirements is that the user can be persistently identified throughout all steps. From making the aplication to having that application being reviewed and accepted. Completing the course and having all those records sought back to the original institution. This process has to be automatic.

A way to persistently identify the user is crucial. In this process, the process is user interactive. But also some of the processes don’t have anything to do with the user. Exchanging records between high education institutions.

This means that the user still needs to be identified properly, with an interactive session or when other systems talk with each other to enable the process. In many unis, the management of the student mobility process and the records are separate from the systems that manage the authentification of the users for the services.

It’s important to have a system that when using a student EU card that it’s also recognized by other universities that are a part of the initiative. Define an identifier. How to solve the problem of identifying the users. An IBAN like identifier which the first part denotes the country, the second part is optional area code, the third part is an identifier for the university, a PIC number. I number is assigned to the organization by the European Commission. the fourth part is connected to the person.

We thought this was the solution.

But the PIC number was a good choice. Different departments might have different pic numbers.

There was a system that was was implemented to fix these problems. We have a problem, that we need to enable this process by 2022. Big try to make this happen. We intervened and try to make it simple.

What we came up with was a scheme that is based around the SAC personal unique code, and that would introduce a URL like, country code, string that we call namespace and set up by default, which would be ESI SCHAC.

By design, we consider that the student will have multiple identifiers that should be able to be linkable during their lifetime.

This is discussed in myacademcid meetings. Part of the EU student card initiative. we spend the better part of last year to communicate with the initiative, this is a challenging thing. A lot of people picked different languages and terms. The communication was very difficult.

N: How is this identifier institution-owned if the student should be not bound to one? Why this sense of ownership?

C: This is how it has been happening, last year we engaged in the discussion, identifier exists in the campuses, making something nationwide would take tremendous time for coordination?

? Every uni has to make this change, so it will take a long time anyway.

C: You need to make this available to the campus, they have to link this to the student record.

N: You expose yourself to an enormous risk with this. I don’t think institutions will do something for you. Letting them decide what to integrate removes risk from you.

C: By design, we want to support multiple identifiers. at some point, we will reach that level. Centralized identifiers.

N: What I would be afraid of is that institutions won’t pick it up and the project will fail because of this. This is what I would be afraid of. I am worried that the students that do go abroad would suffer the same issues. The institutions won’t do work for 5 students in their population.

Erasmus’s brand is humongous. if there is a brand that can make institutions do anything and make a change, it’s this brand.

Our goal is to make sure that this is not a risk for identity federations and edugain but a complementary action. What we put together in 2017 I proposed to pursue the connection between edugain and eIDAS at the top level to be able to use identities to eIDAS notified member state to be recognized by our SPs. We are running a pilot service with sunet. We are discussing with the commission how we will go ahead with this. We would like to enable high education institutions to be able to consume eIDAS. So they could use their citizen IDs. This will not change the requirement to issue accounts.

About introducing eIDs, linking them.

M: One edugain idp or do we have to do it in each country?

C: Everyone can set up their instance but also a central instance. eIDAS governs how technically all member states talk to each other. it’s not defined by anyone, member states set up their own system, interoperate at the EU level.

Starting with one proxy and scaling out in some member states to be an part of the same ecosystem.

Gentleman from Japan: Can we connect federations?

C: EU is a connection with eIDAS but the European identifier, it has nothing to do with Europe. it can be applied to the outside of the EU as well.

This identifier has many privacy issues. should it be available to all services? no. does the user need when they go to receiving uni and to prove their identifier when they get a coffee? Of course not.

We’d have one SP connectin all Erasmus services.