1 of 21

ERUA-iD Walkthrough

Nikos Triantafylloy, UAegean | i4m Lab

Katerina Ksystra, UAegean | i4m Lab

Petros Kavassalis, Dean of the Eng. School & UAegean | Director of i4m Lab

@ERUA 2nd Digital Escape meeting, Chios, Greece May 2023

2 of 21

[Preliminaries]

  • ERUA (European Reform University Alliance) is a European University Alliance (UA), a project of close cooperation between Universities funded by ERASMUS (https://erua-eui.eu/), between the University of Konstanz (UKON)/DE, University of Paris 8 (P8)/FR, Roskilde University (RUK)/DK, New Bulgarian University (NBU)/BU and Univ. of the Aegean (UAegean)/GR.
  • ERUA currently designs a common digital identity for ERUA students and academic personnel to facilitate the virtual and real exchanges between the 5 Universities, as well as cross-border access to common services. ERUA identity (ERUA-iD) will encourage and enable students, academic and admin personnel and researchers to register and complete courses, and participate in workshops and other research seminars offered by any ERUA Alliance member.
  • UAegean leads the effort of implementation of ERUA-iD in the form of Verifiable Credentials for student identity, for qualifications obtained within the ERUA education and research exchanges and for transcript and credits transfer before or after the enrollment in commonly developed ERUA activities.

3 of 21

Presentation Objective

The aim of this presentation is to:

  • Explain what ERUA-iD is, what problems it was designed to solve and how it solves them
  • Place ERUA-iD in the context of the EBSI Programme
    • Provide an overview of the EBSI project and its architecture
    • Explain the role and challenges the University Alliance Cluster (Early Adopters Wave - EA 3) is addressing
    • Give an overview of the currently proposed technical and government specifications designed to address these challenges
  • Present a pilot use case that will demonstrate these in a real life setting, i.e. register and access a Workshop via ERUA-iD

4 of 21

What is the ERUA-iD?

5 of 21

The ERUA-iD

The ERUA-iD is a secure digital “card” that enables members of the ERUA Alliance to:

  • Prove their University Alliance (UA) Membership
  • Prove their Affiliation with their home HEI
  • Authenticate and Access (UA) Online Services, such as Workshops and Courses, and University Facilities

User Attributes (in a tamper-resistant envelope, ensured via cryptographic means):

  • “givenName”: string
  • “lastName”: string
  • “email”: string
  • “HEI Affiliation”: string
  • “shachomeInstitution”: string
  • “schacPersonalUniqueCode”: string
  • “AllianceID”: string

6 of 21

Why is the ERUA-iD needed?

  • University Alliances require Seamless Access to Digital and Physical Services (Regardless of the user’s home HEI)
    • No multiple logins!
    • Mobility!
  • Student and Academic Personnel UA Membership status =/= HEI Affiliation
    • HEI UA Membership is fluid: Student and Academic personnel status should be easily renewed or removed (minimize integration costs)
  • User academic achievements should remain valid and
    • Empower students to control their own data and exchange across borders and after completion of their studies

7 of 21

How is the ERUA-iD used?

[Diagram: ERUA-iD roles and flow]

  • Issuer (Home HEI): issues ERUA-iD to user
  • Holder: stores ERUA-iD in a Wallet app
  • Verifier (UA Service): Holder presents ERUA-iD to access service
  • User Journey is identical when accessing Home HEI or Hosting HEI within the UA

8 of 21

How is the use of the ERUA-iD tested?

  • Pilot Case 1: UAegean-P8 & Co. Workshop
    • Participant Registration
    • Access to Workshop Portal (online service)
    • Access to Workshop Venue (physical service)
    • Participant Certification
    • Enjoy Complementary Services (in collaboration with the EWC Project and other Digital Europe LSPs)

  • Pilot Case 2: ERUA Selected Courses (student enrollment & access)
    • “Art in public spaces” offered by Paris 8 University
    • “Introductory course” offered by UKON
    • “Introductory course” offered by RUC (to be confirmed)

9 of 21

ERUA-iD goes EBSI

10 of 21

What is EBSI?

  • Blockchain-based infrastructure that aims to deliver EU-wide cross-border public services
  • EBSI focuses on Education (essentially but not exclusively):
    • Facilitating mobility (students, academics, young professionals)
    • Guaranteeing and verifying the authenticity of digital information in this context
  • EBSI builds:
    • Data Models for Digital Credentials for Education
    • Trust Framework about the Issuing, Verification and Revocation of such credentials
    • Credential exchange Protocols

11 of 21

What is EBSI Building?

[Diagram: EBSI architecture]

  • Roles: Issuer, Holder, Verifier
  • EBSI Ledger (Trust Registry): Credential Schemas, Public Keys, Revocation, Accreditation to Issue
  • Flows: Issues Academic Credential, Presents Academic Credential, Request Schema, Validate Accreditation, Verify Keys, Onboard Entity
  • Layers: EBSI Trust Framework, Data models, protocols

12 of 21

What is the relationship of EBSI and ERUA: EBSI EA 3

  • The Early Adopters (EA) programme is an EBSI incubator that helps Early Adopters imagine, build and launch their EBSI pilot projects
  • ERUA has been accepted as an Early Adopter for Wave 3
  • ERUA is part of the University Alliance Cluster of Wave 3
    • Members: ERUA, Una Europa Alliance, FILMEU, UNITA, EELISA, GUNET

13 of 21

What is the goal of the University Alliance Cluster?

  • Identify the Challenges of building the “shared infrastructure” for a University Alliance
  • Design and Implement Technical Solutions to these Challenges using the EBSI ecosystem tools, also in light of eIDAS 2.0 Regulation
  • Design a Trust Framework to address these Challenges, also in light of eIDAS 2.0 Regulation
  • Pilot specific use cases that Prove the Feasibility of these solutions and push to Production (if possible)

14 of 21

What Challenges have been Identified?

  • Identify User (Personal Identification Information)
  • Verify Academic Affiliation of User
  • Verify UA Affiliation of User
  • Seamless Authentication and Service Access Mechanism (even cross Alliance)
  • Mechanism for Transferring Transcript of Records (courses)
  • Mechanism for Attesting Certifications - Microcredentials (workshops, seminars etc.)
  • Mechanism for Issuing Diplomas (completed within a UA)
  • Ensuring “Freshness” of Data (e.g. student is still a student)
  • Mechanism for Revoking Specific Attributes of the User (e.g. Alliance Membership)

15 of 21

What Technical Solutions have been Designed so Far?

  • Digital Credential Data Models for:
    • User Identification (eIDAS 2.0 PID or MyStudentID)
    • User Academic Affiliation (MyAcademicID)
    • User University Alliance Affiliation (MyAllianceID)
  • Use of EBSI protocols for Wallet-Based Authentication (OIDC4VC/VP)
  • Digital Credential Data Models for:
    • Certification (V-Certificate)
    • Transcript of Records (V-TOR)
    • Diplomas (V-Diploma)
  • Credential Expiration Strategy in line with UA requirements (ensure “freshness”)
  • Use of EBSI Revocation Infrastructure
    • Single credential revocation mechanism (e.g. revoke only UA Affiliation, not Academic Affiliation)

Slide callouts:

  • In EBSI, ERUA-iD was split into these three credentials
  • Definition of UA Identifier, following the ESI spec
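
The expiration and single-credential revocation points above, seen from a verifier's side, as an added example that is not code from the ERUA or EBSI projects. The credential ids, dates, the in-memory revocation set and the function names are constructed for illustration, and signature verification is assumed to have already succeeded.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: ids and dates are made up for this example.
NOW = datetime(2023, 10, 2, tzinfo=timezone.utc)
REVOKED = {"urn:example:alliance-42"}  # stand-in for a revocation registry lookup

def cred(cid, ctype, issued_days_ago, valid_days):
    issued = NOW - timedelta(days=issued_days_ago)
    return {"id": cid, "type": ctype, "validFrom": issued,
            "validUntil": issued + timedelta(days=valid_days)}

WALLET = [
    cred("urn:example:student-42", "MyStudentID", 30, 365),
    cred("urn:example:academic-42", "MyAcademicID", 30, 180),
    cred("urn:example:alliance-42", "MyAllianceID", 30, 180),
]

def check(c, now=NOW, revoked=REVOKED):
    """Status of one credential: revocation first, then the validity window."""
    if c["id"] in revoked:
        return "revoked"
    if now < c["validFrom"]:
        return "not-yet-valid"
    if now >= c["validUntil"]:
        return "expired"  # short lifetimes are what enforce "freshness"
    return "valid"

def authorize(presented, required, now=NOW, revoked=REVOKED):
    """Grant access only if every required credential type is presented and valid."""
    status = {t: "missing" for t in required}
    for c in presented:
        if c["type"] in status and status[c["type"]] != "valid":
            status[c["type"]] = check(c, now, revoked)
    return all(s == "valid" for s in status.values()), status
```

Because each attribute lives in its own credential, revoking the alliance credential blocks UA services while the home HEI checks on the other two credentials still pass.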

16 of 21

What Governance Frameworks have been defined?

[Diagram: two trust-chain models, Type A and Type B. Which one applies depends on the Legal Status of the UA]

  • Root TAO > Local MS TAO (e.g. Ministry) > HEI TAO > UA Issuer (MyAcademicID, StudentID, AllianceID)
  • Root TAO > Local MS TAO (e.g. Ministry) > HEI Issuer (MyAcademicID, StudentID, AllianceID)
  • Entities: EBSI Support, MS Ministry, HEI, UA Issuer, User
  • Steps: Issue Verifiable Authorization, Issue Verifiable Accreditation, Issue Verifiable Attestation
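
How a verifier could walk such an accreditation chain from the issuer back to the Root TAO, as an added example that is not EBSI's API or the project's code. The registry layout, the `did:example:` identifiers and the function name are assumptions made for illustration.

```python
# Constructed registry: identifiers are placeholders, not real EBSI DIDs.
# "by" names the entity that accredited this one; "types" is what it may issue or accredit.
REGISTRY = {
    "did:example:root":     {"role": "RootTAO", "by": None, "types": {"*"}},
    "did:example:ministry": {"role": "TAO", "by": "did:example:root", "types": {"*"}},
    "did:example:hei":      {"role": "TAO", "by": "did:example:ministry",
                             "types": {"MyAcademicID", "StudentID", "AllianceID"}},
    "did:example:ua":       {"role": "Issuer", "by": "did:example:hei",
                             "types": {"AllianceID"}},
    "did:example:rogue":    {"role": "Issuer", "by": "did:example:unknown",
                             "types": {"AllianceID"}},
}

def trust_path(issuer, cred_type, registry=REGISTRY, max_depth=8):
    """Return the accreditation path from issuer up to the Root TAO, or None."""
    path, seen, current = [], set(), issuer
    while current is not None:
        entry = registry.get(current)
        if entry is None or current in seen or len(path) >= max_depth:
            return None  # unknown entity, cycle, or chain too long
        if "*" not in entry["types"] and cred_type not in entry["types"]:
            return None  # this link is not accredited for the credential type
        if path and entry["role"] not in ("TAO", "RootTAO"):
            return None  # only a TAO may accredit another entity
        seen.add(current)
        path.append(current)
        if entry["role"] == "RootTAO":
            return path
        current = entry["by"]
    return None
```

The four-entry path corresponds to the chain that ends in a separate UA Issuer, the three-entry path to the chain where the HEI issues directly.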

17 of 21

ERUA-iD(*) and EBSI EA 3: core pilot service

(*) Member of the EBSI Early Adopter Programme (Wave 3 | 2023)

18 of 21

What will the core ERUA EBSI Pilot be?

  • UAegean, P8 and others’ Workshop offered to ERUA Alliance Members (beyond ERUA as well)
    • in October 2023 (v1) and October 2024 (v2)
  • Participant Application via presentation of MyAcademicID/StudentIDs/MyAllianceID, PID
  • Approved Applicants receive V-Certificate | Proof of Registration
  • Participants present Proof of Registration to Gain Access to:
    • Online workshop services (conference links, documents, etc.)
    • Physical workshop venue (smart door)
  • Participants completing the workshop receive V-Certificate | Proof of Completion

19 of 21

Workshop Workstreams: A living lab for eID research and testing

Workstream 1: Workshop organization

1.1 Workshop Registration (ERUA - EBSI EA3 & EDIW Consortia)

1.2 Access Venue Facilities (ERUA - EBSI EA3 & EDIW Consortia)

1.3 Participation Proof (ERUA - EBSI EA3 & EDIW Consortia)

  • 1.3.1 EBSI Trust Framework - Proof Issuer Accreditation Published on EBSI ledger
  • 1.3.2 EDIW-ARF compliant Trust Frameworks

(+) Workstream 2: Travel to attend a Workshop

2.1 Travel to workshop area | ferry (EWC)

2.2 Travel to workshop area | plane (EWC)

(+) Workstream 3: Third-Party Services and Payments

3.1 Book a hotel (EWC)

3.2 Rent a car (EWC)

3.3 Wallet-based Reimbursement (EWC - eReceipt)

3.4 Get to workshop venue | taxi: A2A & p2p identity-based payments (online and offline)

3.5 Buy local services/products | commerce: A2A & p2p identity-based payments (online)

EWC: EU Digital Wallet Consortium

20 of 21

Issues to resolve

  • Wallet technology
    • EBSI and EDIW-ARF compliant
    • Options: Gataca, Grant.io, Walt.id,
  • TAO (Trusted Accredited Organization)
    • GR Ministry of Education,
    • Legal status of UA
  • Interconnection with ERUA Members IT systems
    • Status:
      • IdP integration
      • SIS integration
  • Workshop CMS
    • Status: BloomHub Integration (integration via OIDC4VP-to-SAML bridge)
