International Standardization for Campus IDs, an update from ECCA Workshop

During our last ECCA conference in Porto in May 2022, a discussion took place on how to homogenize the way HEIs, Service Providers and users interact in order to identify themselves. The consensus was that we have to not only consider the smart card or mobile phone, but extend the concept of credential to any kind of token available, online and offline, physical or virtual, etc.

At that time, we agreed on the main characteristics of a global credential. It has to be simple and valid for everyone; it has to be issued once and used everywhere, at any time, enforcing cross-border support; and, last but not least, it has to be GDPR compliant, so users are in absolute control of their data.

In the global market we live in, standards are necessary and the way forward. They encourage competition between Service Providers to offer added value services that enhance their platforms. Moreover, standards provide HEIs with choice in the long term.

Following this event in Porto, ECCA organized a workshop on July 7th 2022 on International Standardization for Campus IDs, in collaboration with UL, the Netherlands, a contributor to the standardization of the mobile driving license (mDL), ISO/IEC 18013-5.

More than 60 people attended the workshop, including representatives from HEIs, companies, Service Providers and other organizations. After an initial presentation, we had a fruitful discussion where the participants expressed their ideas and concerns. All were in agreement that the difficulties we have to overcome are not only technological, but also related to data profiling and codification and the way data is exchanged and controlled between parties.

It is important to consider from the outset the technological point of view of the token or method of storing the credential. We all know that HEIs use very different tokens, from just a piece of paper to a mobile phone, smart card, USB token, etc. A standard way of describing and transferring information, as the NFC Forum does, where different types of tokens coexist and share the same way of coding the information, is something to be taken into account. In this sense, we must align our efforts with relevant industrial stakeholders in the ecosystem, such as NXP and other card manufacturers. Having them on board would be the only way to develop a standard solution that could be seamlessly deployed in any institution.

Concerning the data codification and the information attributes describing user profiles, a modular approach should be considered. We must agree on a set of mandatory/basic attributes and values, and other optional ones, to be included in the student/staff profile. The amount of data included in the credential will vary depending on the type of token used, but the mandatory attributes will always be present.

The attributes should not only focus on educational information, but also include relevant data to answer the requirements of services inside and outside the campus. Nevertheless, we must not jeopardize their definition by considering very specific use cases, such as access control.

An option that arose during the discussions is alignment with the eIDAS platform by developing a compliant profile, taking for instance the SCHAC schemas for students as an initial step towards creating something more robust that makes it possible to link a person's identity as a citizen with their identity as a student or HEI staff member.

It was also agreed that security must always be taken into account, both in terms of storage and, more importantly, for data exchange. Therefore, we should be considering a protocol (or protocols) that is secure enough, that is valid for online and offline validation and data exchange, and that can be run on multiple tokens (probably with different security levels).

As we have discovered, reaching a consensus will not be easy, at least in the short term. However, we have to bear in mind that the EU is working towards implementing a European Student Card by 2025. Will it be possible? We do not have the answers. In the meantime, multiple efforts are being made in different EU research projects. However, from our own research we have found that they are not working in coordination and that work is sometimes duplicated. At the same time, other associations like GÉANT or the European Blockchain Services Infrastructure are working on other identification solutions that can be reused in the educational ecosystem.

ECCA is committed to succeeding in its endeavors with a clear destination: standardization. In this sense, we will promote discussions with relevant stakeholders and disseminate the work undertaken.

You are invited to join us at our next workshop, to be held in early 2023, to work together on a better future for educational identification.
