The action aims to combine the benefits of Member-State-backed citizen identities (natural person identification and authentication through eIDAS) with student and researcher identities (eduGAIN from GÉANT and the European Student Identifier from the European Student Card) to enable cross-sector interoperability between eIDAS and the Higher Education/Research domains. This will be achieved through the deployment of the SEAL linking service platform, which will establish inter-linking mechanisms between different identities in order to support authentication mechanisms for multiple identities. The SEAL identity linking service will centralise identity checks on a trusted third party and provide common query interfaces, so that the burden of comparing and validating the match between two identities is moved out of the individual services and onto a dedicated platform.
The SEAL platform will include the following modules/interfaces:
- Identity Provider Interface and Modules. Linking modules will be established for identities such as eIDAS eID, eduGAIN, and ePassport. The linking of other identities (such as ESC and OrcID) will also be considered;
- Identity bootstrapping: the user will be able to bootstrap a unique and persistent or temporary identifier by authenticating through eIDAS (other bootstrapping methods may be considered). This will enable linking eIDAS identities to any other integrated identities, establishing a persistent link between both identifiers for as long as the user wishes to keep it;
- Identity Management Interface, through which the user of the platform will be able to manage his/her wallet of links and identities (performing the identity linking procedures and managing the linking information stored in the service) through a web and a mobile interface. The mobile application will build on and reuse existing functionalities of the Erasmus+ APP (preferred option) or of the UMA app;
- Service Provider Interface and Modules will allow the connection of academic institutions as consumers of the linking service (to indirectly support establishing trusted links between the datasets transferred between institutions);
- Validation Interface and Modules: validation methods will be established based on the assurance level of the identities and the validation guarantees of each validation mechanism (these can include local, remote, automated, semi-automated or third-party validation).
Existing software solutions will be taken into account when implementing the modules to avoid double coding and to reduce maintenance costs. A blockchain implementation will be integrated to reinforce the integrity and accountability of the interlinked information and to provide a higher degree of trust. The action will also leverage the results from ESMO Action 2017-EU-IA-0032 (mainly the ESMO Gateway), which, as a multi-protocol proxy solution, will facilitate implementing authentication and linking modules that support several protocols on the SEAL identity linking service.