Ensuring Universal Access to the Erasmus Digital Infrastructure

Introduction

This document delineates the procedures to guarantee that all Higher Education Institutions (HEIs) and Higher Education (HE) students can access the online services offered by the European Student Card Initiative. Special attention is given to accommodating HEIs that lack the resources to uphold the necessary authentication infrastructure.

Overview of MyAcademicID

MyAcademicID facilitates secure and reliable access to the European Student Card Initiative and Erasmus+ programme services. It allows students to utilize existing credentials and attributes from their HEIs for access to additional services. This is achieved through the MyAcademicID Architecture, which leverages eduGAIN and the Academic Identity Federations, enabling users to log in with their HEI accounts and transfer academic attributes in the process.

The majority of the HEIs are members of their national academic identity federation and can release the required academic attributes to MyAcademicID. However, some HEIs are not connected to their national identity federation, leading to the scenarios discussed below.

Scenarios and Solutions

Scenario 1: Users from HEI Can Authenticate to Services from eduGAIN

HEIs connected to the National Academia Identity Federation enable users to authenticate to cross-border services via eduGAIN. These HEIs must implement:

• The European Student Identifier (ESI): GEANT ESI Guide
• Proper attribute release practices: GEANT Attribute Release Guide

Scenario 2: Users from HEI Cannot Authenticate to Services from eduGAIN

HEIs with an operational Identity Provider (IdP) that are not connected to their national academic identity federation:

• Join their National Federation and eduGAIN as an IdP, detailed at eduGAIN Technical Status, then proceed to Scenario 1.

Scenario 3: HEI Cannot Operate an IdP

For small-size HEIs unable to operate an IdP, the following steps should be taken:

• Contact their National Federation Operator at eduGAIN Technical Status to explore alternative solutions like an IdP of Last Resort or a hosted IdP Service.

While not all National Federations may currently offer these solutions, there is interest in developing them to support the academic community more effectively.

Scenario 4: HEI Cannot Join or get support from their National Federation

This scenario addresses HEIs that cannot join their national federation nor avail of an IdP of Last Resort or hosted IdP Service. The process includes:

1. DG EAC sends requests from the Digitial Officers (DO) at the National Agencies to compile the list of HEIs that need to be added to or maintained on the IdP of Last Resort.
2. Each National Agency compiles their own list and share it with DG EAC
3. DG EAC compiles the overall list and send its to GEANT
4. GEANT verifies the HEIs included in the list with the relevant Federation Operators to ensure that no HEIs are included in the list that should not be there
5. GEANT follows with the onboarding process of the HEIs to the IdP of Last Resort

This approach relies on national actors to identify HEIs requiring support, considering specific national realities and constraints unknown to the MyAcademicID Operator. A standardized whitelist process, periodic review mechanisms, and communication updates regarding institutional contact changes will be established.

For HEIs that no longer need the IdP of Last Resort support, an offboarding process will be implemented.