Group call minutes 04/02/2024

Participants:

• Marlies Rikken 
• Zacharias Törnblom 
• Rolf Brugger 
• Peter Havekes 
• Maarten Kremers 
• Esther Ruiz Ben

Topic list:

• Group management (Rolf)
  • Access management & eduID
• Security deepdive (Zacharias)
  
  • Multi factor authentication good practices - such as security keys
  • Passwordless authentication eg with Passkeys
  • Security awareness → how do we teach our users??
  • Passwords must die
• User identification (Marlies)
  
  • passports or identity cards
  • User account recovery?
• User experience (Esther)
  • Share our user flows, 1 small flow at a time (Initial onboarding / a login / reaching the required level of assurance and security / account recovery /...)
  • Share our outcomes
• International interoperability of eduID (Maarten)
  
  • interop with other identifiers
  • technical interop
  • federation of eduIDs
• Relation of eduID and eIDAS (Marlies)
  
  • Relation of eduID and wallets / SSI
• Privacy & eduID 
  • Legal issues
  • Account deletion
  • Data retention vs life long learning
  • Security logs
• Mobile Apps (Peter)
  • 2nd factor auth
  • Profile managing
  • NFC for ID-docs / liveness
  • Step towards wallets?

Topic Icebox

• definition of "eduID"
  • → see Minutes edu-ID Day 2020 Utrecht chapter "what is an eduID?"

Knowledgebase outline:

Principle Public information

We edit.

Topic focus:

• basic definition,
  • Check on summary from the Utrecht sessions - take and work from there
    • Lifelong
    • User centric
    • Linking to other identities (e.g. ORCID, other eduID’s, bankID)
    • Opens up extra use-cases
    • Sector specific attributes are our unique proposition
    • Separation of authentication
      
• where does the need for the concept come from,
• basic description of current eduIDs,
  • Each eduID makes self-description - based on a set of predefined principles
    • Include:
      • Target audience(s)
      • Software & technology used
      • Features supported & roadmap
• Shared challenges for eduIDs?
  • Big Tech / Microsoft 
• Tips for other eduIDs that are setting up
  • Interfaces
  • ID verification
  • Integration in insitutions
  • Local use cases/killer features?
• IdP of last resort → for developing countries? → mention as idea / open source resources
• Relation of eduIDs to other developments, federations, technologies
  
  • eIDAS
  • wallets / SSI
  • eduGAIN
  • ESI
  • ORCID
• eduIDs outside of Europe
  • eduID africa?
  • US situation?
  • Asia?
  • Contributions welcome!!
• Touch on the interoperability question → transition across countries.