February, 2026
Since a few years, services can not only connect authenticate users with the Switch edu-ID by using the SAML authentication protocol but also by OpenID Connect (OIDC). Since SAML is not actively developed anymore and lacks support for use cases like mobile or single-page applications or OAuth 2.0, more and more services start using OIDC which support those.
The Switch edu-ID currently only supports the extended attribute model which means that clients can only retreive the personal (self-provided) identity of the user, together with some information about their affiliations, but not the whole set of attributes within the affiliations.
This is currently a drawback of the implementation of OIDC compared to SAML for the Switch edu-ID. SAML supports the classic attribute model where the attributes of an affiliation can be released.
We hereby file a request for comments (RFC) suggesting a specification for the release of organisational identities via OIDC. We would like to call on the edu-ID community to comment on the document, ask questions and provide concrete use cases which might not be covered by it. Comments from all groups of people are welcome, although feedback that is coordinated with university IT services will be given greater weight.
Please provide your feedback until March 6th 2026 at the lastest such that it is considered for further refinements.
|
→ |
A PDF for the consultation is available: pdf All comments should be made via email on eduid@switch.ch. |