Implementation phase Federated Identity Management.nrw

Project

With a period of three years, the current project phase starts in September 2021. Theoretical knowledge gained during the feasibility study will now be further developed into a working system. Basic concepts will be developed into final ones, and results will already be presented to higher education schools in North Rhine Westphalia six months into the project phase. Implementation processes will be constantly evaluated and reports communicated within the Digital College NRW.

During the entire project, there will be close cooperation with the DFN as well as similar projects from other states. In this context, the alliance bwIDM and IDM.nrw will be founded. bwIDM2 is the follow-up project of bwIDM, led by KIT (Karlsruhe Institute of Technology), also starting in September 2021. By working closely together, both states will profit from each other’s findings.

Statewide workshops will be offered two times per year for all higher education schools in NRW. This enables them to participate early on and voice their individual requirements. Click here to register for the next workshop.

DFN-AAI

The DFN-AAI federation provides the necessary trust as well as the technical infrastructure to exchange user information between universities. Users can thus obtain nationwide access to web-based services of other schools with their local ID, through successful authentication at their home school. In its position as Federation Operator, the DFN-AAI provides the technical metadata and does not intervene in bilateral agreements between IdP and SP operators, which are each (usually) independent responsible bodies. This means that unifying the basis for authorization across higher education schools (both users and providers of services) is yet another challenge. Furthermore, solution concepts that offer federated access to non-web-based services do not yet exist.

IDM.nrw wants to face these challenges in order to provide a process infrastructure. Additional processes should be integrated into the DFN-AAI federation. For that reason, one of the first steps is to found an NRW sub federation within the DFN-AAI.

Main topics are the standardization and unification of various processes and definitions, as well as standards in NRW, which should provide a fast and simple solution for connecting to existing and future services.

Advantages for higher education schools are:

  • Simple use of services
  • Uncomplicated, joint use of non-web-based services in NRW with members of other schools
  • Getting to know new technologies
  • Unified understanding of roles and rights
  • Safe and simple transmission of roles and rights between schools
  • Standardized attributes
  • Differentiated status group affiliation
  • Less bureaucratic work through the elimination of paper applications
  • Less effort in maintaining personal data and lifecycle management
  • Creation of a basis for participation in national and Europe-wide activities

Goal

The goal of the second phase is to realize and implement an FIDM in NRW. Based on basic concepts from the feasibility study, final concepts will be developed by executing use cases. Those concepts will be available for all higher education schools in NRW. Standards for NRW in specific areas of IDM should be defined, which would allow schools to easily access services from other schools and offer services to them.

The implementation phase is divided into the following pillars and the accompanying responsibilities:

Based on these pillars, specific project goals will be defined.

Both the technical aspect and the coordination and communication between all higher education schools in North Rhine Westphalia (NRW) are important factors. After revising the results from the feasibility study, central person groups will be defined. Individual case decisions at higher education schools will be identified, along with the handling of “alumni”, “guests” etc. This requires communication between schools on a regular basis. Afterwards, they should (willingly) come to an understanding to implement the results in their own IDM systems.

NRW Sub federation

Along with central person groups, joint attributes will be defined (pillar I) in close cooperation with the German National Research and Education Network – Authorization and Identification Infrastructure (DFN-AAI). This includes technical forms, names and values, resulting in a mutual standard for schools in NRW. Concepts will be tested in use cases, including projects from DH.NRW (Digital College NRW).

Furthermore, an NRW sub federation will be founded within the DFN in which all schools are free to participate. Universities in Schleswig-Holstein and Baden-Württemberg are working on a federated identity management system for their states as well. Together, all three states will evaluate the possibility of a countrywide FIDM in Germany. With it, services could be offered to a larger target group. However, a realization of such a project is not yet planned.

It is important to include schools in NRW in IDM.nrw from the beginning. Solutions which cannot be implemented across schools are not goal-oriented. Therefore, both external and internal evaluations will take place after each milestone. The project team itself will carry out these evaluations, and other schools will do so during the statewide workshops twice per year. An efficient benefit for all schools will thus be ensured.

Alliance bwIDM and IDM.nrw

The existing cooperation with the Karlsruhe Institute of Technology will be intensified during this project phase, since they are planning their own follow-up project bwIDM2. With the foundation of an alliance bwIDM and IDM.nrw, both projects will work simultaneously on concepts and solutions in order to profit from each other’s findings and further the goal of an FIDM. In this regard, the existing solution of bwIDM will be further developed so that requirements from both states might be fulfilled. A joint analysis of requirements should lead to mutually transferable blueprints. This will ensure cross-state cooperation and the suitability of both concepts. Furthermore, the evaluation of (new) technologies will be a main aspect, in order to assess these technologies using joint criteria.

Furthermore, IDM.nrw will cooperate with Schleswig-Holstein, which is also planning an FIDM for its state. Both project leaders will communicate findings and results on a regular basis in order to support one another, achieve mutual profit and secure the compatibility between both concepts.

Technologies and implementation

In addition, (new) technologies will be evaluated (pillars II and III), also in cooperation with bwIDM2 (federated identity management system from Baden-Württemberg) in cases with mutual benefit. Afterwards, concepts for an implementation will be developed and tested in selected use cases in cooperation with schools in NRW (pillars IV and V). Among others, access to the HPC clusters (high-performance computing clusters) of RWTH Aachen and KIT will be tested.

The last task is to realize and implement solution concepts in the consortium of IDM.nrw. With best practice examples and given frameworks, local identity management systems from higher education schools in NRW should be included in the federation.

Statewide workshops will take place every 6 months in order to communicate current results throughout the whole project phase. Furthermore, a wiki will be brought online with technical details and descriptions.

Services in NRW

Please click here.