5 years of AAI
The Swiss Universities’ solution to the password jungle
October 5, 2010 / Marco D'Alessandro
No students recognize it, though everyone uses it. The AAI system from SWITCH networks the majority of university services and permits access with a single central login. AAI is five years old today.
For private individuals it is still a distant dream; for students it is already reality: one login for everything. AAI is the Authentication and Authorization Infrastructure developed by the SWITCH foundation and the universities. SWITCHaai acts as a kind of key that links up students, lecturers and universities. With a single AAI login at their university, the 300,000 or so members of the university community throughout Switzerland can gain secure access to numerous e-learning systems and web applications from all the participating universities and colleges. This saves time for the students and reduces administrative costs for the universities.
The secret helper in everyday university life
Today, for example, AAI's typical application areas include the "OLAT" (Online Learning And Training) Learning Management System: access to OLAT is controlled via AAI, which is used not only by almost all the Zurich University faculties, but also by many other Swiss universities and increasingly by other European universities. AAI also offers the possibility of making the documents published on Zurich University's central web server available only to specific, definable user groups.
The spirit and purpose of the freely available "Moodle" course management system is similar; it is used by, amongst others, the students on the Master of Science in Engineering courses at the universities of applied sciences. Anyone who needs documentation for a course can obtain it easily using the AAI login.
The scope of the possible applications for AAI is illustrated by the example of the Swiss Federal Court: in this case students and faculty enjoy, via AAI, free access to otherwise fee-based searches in the Court’s "Official Compilation of Decisions".
No more password jungle
Today all Swiss universities and virtually all universities of applied sciences use AAI as a common platform. Ten years ago, the situation was very different: at that time, every Swiss university had to manage its members and their electronic access rights itself - a costly solution. For example, if the University of Bern wanted to make an e-learning project available to students at the University of Lausanne, it had to set up and maintain a separate database for accreditation of the relevant resources. If, in turn, the students wanted to use the service of a different university, they had to log on using the correct combination from a plethora of usernames and passwords. In 1999, therefore, it was acknowledged that the SWITCHlan network, which regulated data transfer in the higher education sector, was not adequate on its own. A common infrastructure for authentication had to be found.
Five years to solve the puzzle for AAI
Within the next five years, from 2000 to 2005, AAI was implemented under the direction of SWITCH and in close cooperation with the universities. Since the project was unique worldwide, all those involved were fairly inexperienced but tackled the task pragmatically. In particular, for a long time it was almost impossible to assess the question of technical feasibility. In 2003, however, the missing piece in the puzzle was found: Shibboleth (Hebrew for ‘a code word’). This is a standard procedure which was developed in the USA from the "Internet2" high-speed network. The freely available Shibboleth software is based on the SAML open standard (Security Assertion Markup Language), which makes the local authentication solutions of different providers or universities compatible.
The combination of Shibboleth and AAI has gained widespread acceptance not only within the country but also throughout Europe. Infrastructures around the world are being built on the Swiss model, and they are being developed further jointly by SWITCH and the universities.