Theme fund: NGI0 PET
Start: 2019-04
End: 2019-04

EGIL SCIM client

System for Cross-domain Identity Management

Managing student information in an effective, secure and GDPR-compliant way is crucial for the digitalized school. EGIL is an open source client that facilitates the exchange of student information to external providers of study material or administrative services in a standardized way. It supports attributes based on SCIM (RFC 7642-7644) and extensions, provides an interface to common directory services, and supports federated solutions between a large number of school principals and service providers. This project will improve EGIL's federative capabilities, submit an Internet-Draft on the subject of federated account provisioning, and provide a proof of concept for using SCIM as the standard for exchange of student information. This will eliminate the problems caused by using several different exchange protocols and formats between school principals and service providers.

Why does this actually matter to end users?

These days organisations work with lots of external services via the internet. When those services require a login, and most do, there is some significant book-keeping to do. Sometimes your organisation will pay a flat rate to a service provider, but many other times you will pay per user or per use. The user may need to receive a personal environment, coupled to their role in your organisation. A manager or teacher may get a different view than a student or a flex worker. Other times you as an organisation use the service in such a way that you need to be able to exchange information with other systems from other providers. That means service providers need adequate and up-to-date information in order for their service to work properly.

And all of this happens at quite a pace. New people join. Tasks shift. People leave. Policies change. Someone has to fill in for someone else. Laws and regulations change. Etcetera. In practical terms this means a lot of work adding and removing accounts and approving changes everywhere. Of course, you can go the easy route. If you relax on quality, you can reduce some overhead and just work with a few big vendors. Of course there is a price you pay for that convenient consolidation. You will likely not get the best of breed solutions at the best price. You are less open to innovation, receiving it only from the parties you work with. There is also a price in terms of dependency and the privacy of your users. A large service provider gets to learn more about your users than you might like - think of companies that combine advertising and user tracking with regular services. There is also of course legislation like the General Data Protection Regulation which you need to observe.

If you want to work with the best services, at the best price, you want to keep your options open. But you also want to automate, because otherwise you would not just go crazy - you would inadvertently make mistakes. This is why you will want to use interoperable standards over private arrangements. You only need to implement the right standard once, and then you can reuse it across services. Standards make management and auditing a lot easier. One young but very promising standard is SCIM, which stands for System for Cross-domain Identity Management. This already works very well inside many organisations to exchange information between your internal IT system and that of vendors.

However, there are use cases where you need one additional layer of exchange. In education, many schools and institutions like universities work together through so-called federations. That means they are able to match up each other's users, and have organised a smooth way of sharing resources among the different organisations. The SCIM standard is not yet able to handle this kind of aggregate collaboration, at least not in a standardised way. But of course that can be changed. This project will take a number of very experienced internet engineers that already have several internet standards on their track record. It will add a very concrete use case with real stakeholders (such as the Swedish National Agency for Education) and an open source system which is already used by many schools. With those ingredients and the grant from NGI Zero it aims to set a new internet standard for adding federation to the SCIM standard - part of which means implementing it in quality open source libraries that anyone can then adapt and reuse without limits for any purpose whatsoever.

This systemic capability will increase consumer choice and agency, and will reduce the pressure of the market towards consolidation with a few large suppliers by making it just as easy to work with small vendors. This way, it will stimulate and nurture future innovation in a structural way - which is an enormous contribution for what is on the outside a modest project with a modest budget compared to most efforts.

Run by The Internet Foundation In Sweden

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.