Posted by admin on 25th September 2007
It is great news that Becta is the latest of the 106 members of the UK federation.
JISC faces the problems of several services in our community in that we are not a legal entity and so cannot join the federation ourselves. As such, we will be members when HEFCE join up to the federation.
The process of persuading the powers that be to adopt was started some time ago, but we haven’t yet managed to become members. Despite the fact that joining the UK federation is a simple process that is not related to the technology choices each organisation makes, explaining the process to the person who needs to sign the appropriate paperwork is often extremely complex.
Not much more to say, except we understand the challenges faced!
Posted in Joining the UK Federation
Posted by admin on 19th September 2007
Today is the 3rd Meeting of JIIE for 2007, and the Committee was particularly focusing on the Information Environment (IE) Strategy, and the Users and Innovation Programme. A common theme was whether or not the word ‘presentation’ that is currently used in the IE architecture is appropriate in the changing world, or whether we should be talking more about ‘user interaction’.
Presentation of course suggests something managed by the institution and pushed out to the students - rather than the user-led model suggested by interaction.
This highlights the changing role of the institution as a broker between students and services, rather than as an infrastructure provider to students. It also refocuses on the scenarios where institutions do act as Service Providers - both to their own students and to students, institutions and indeed businesses elsewhere.
Ian Dolphin asked a series of questions, one of which was around the role of access management in this changing environment. Some of my thoughts on this:
- Federated Access does not negate user-centric identity and access management, as I often see suggested. Institutions should broker access for their students where appropriate, such as an institution brokering access to licensed resources on behalf of the student. This can be completely compatible with a user-led approach.
- Users cannot effectively manage their own identities as yet, or verify their own identities - institutions are effective brokers in this scenario. The role of the broker and trusted verifier is very important to all user-centric identity management systems such as OpenID and identity metasystems.
- Attributes provide an effective way of providing information to enable user interaction, particularly when moving away from the concept that there is a presentation ‘layer’. JISC will shortly be issuing an ITT looking at the role attributes can play in providing a personalised experience.
Thankfully, this all fits nicely with the forward look for access and identity management within JISC - which is always a relief!
Posted in Identity Management, Programme Management
Posted by admin on 18th September 2007
While at the Janet UK Federation briefing event yesterday, someone sitting next to me asked me if I was a content supplier. Working in HE, that doesn’t happen to me very often – turned out it was all because of my laptop. I had a reasonably flash one, so I must be in commerce not education… Moral of the story – sadly, all too often Librarians seem to be towards the bottom of the food chain when it comes to getting shiny toys. It’s important because it can be the shiny toys that inspire us to be ambitious in how we use IT. Could a particular institution’s reluctance to adopt sophisticated access management be rooted in a childhood laptop deprivation of never having seen a dual core processor in action?
While on the topic of righting misconceptions, I’ve noticed the odd supplier using the JISC HE / FE banding as their pricing structure. Nothing wrong in that; however, care needs to be taken not to imply the pricing structure of a particular product is set by JISC - suppliers are welcome to use the structure, but it shouldn’t be implied that use of the structure means de facto JISC endorsement.
Posted in Authorisation, Authentication, Identity Management, events, Blogroll
Posted by admin on 14th September 2007
This event on Web 2.0 technologies and their use for outreach work, organised by JISC for JISC staff with a communication role (JISC Services Upskilling - Exploiting Communication Channels, 5 Sept, Oxford) did not have a specific focus on access management, but it did highlight the importance of good access management for a world where the number of web applications and tools used by individuals and institutions is growing at an unprecedented rate, while users increasingly expect 24/7 seamless and secure access to a wide range of technologies and applications.
The event covered a range of Web 2.0 technologies, such as wikis, blogs, podcasting and RSS, as well as some more ‘traditional’ communication tools, such as print and online newsletters and mailing lists.
I thought the choice of speakers was very good. I was particularly impressed by Brian Kelly’s presentation, giving an overview of Web 2.0 technologies and giving (lots of) reasons for using them in dissemination work.
Some recent research funded by JISC has highlighted the importance of embracing Web 2.0 technologies by universities. 84% of respondents agreed with the statement that they ‘like to keep up-to-date with new technology and use it as much as possible both for study and in my free time’.
It is good to know that a number of Web 2.0 technologies have already adopted federated access management, such as TWiki, DSpace etc.
The JISC now provide Shibboleth access to JISCmail. (It was fun to see a virtual JISCmail office with a Shibboleth logo on its front during a demonstration of Second Life by Simon Bignell of the University of Derby). JISC are currently working towards providing federated access to the JISC blogs (work in progress).
Tags: skillsday2007
Posted in events
Posted by admin on 14th September 2007
Glad to say that it seemed more like a shot by shot remake, in the same way that Gus Van Sant remade Psycho, rather than the “re-envisioning” of Planet of the Apes that Tim Burton did.
There is a serious point though: a major rationale for Federating around the SAML standard is interoperability. The Oz remake (the country, not one featuring CGI flying monkeys) proves that we face similar problems and that we would seem to be on the right track with similar solutions.
Certainly makes the sentence, “an international standard”, far more meaningful….
Posted in Institutional Audit, Authentication, Authorisation, Joining the UK Federation, Identity Management, events, Programme Management, Blogroll
Posted by admin on 13th September 2007
There has been a lot of discussion on UK lists recently about the ‘discovery problem’ with federated access management. I think this can actually be translated into three questions:
- How do users know which ‘log-in link’ to click on when they are presented with a variety of options such as ‘organisational log-in’, ‘athens log-in’, ‘account log-in’ etc. and which credentials do they use?
- Can users (and Service Providers) cope with the WAYF approach and should this be federation-centric or service provider-centric?
- How do institutions ‘brand’ the log-in page they present to users and describe the network or institutional log-in, and can we gain consistency in use of this language?
There are a variety of opinions of how this should be done. Below, I’ve recorded my personal thoughts in relation to this, but I’d be very interested to hear from others…
- Identity Providers should use institutional branding on log-in pages wherever possible, and particularly if the credentials for federated access are the same as a user’s typical organisation log-in.
- If an IdP uses different credentials for federated access management, they may wish to consider using UK federation branding to help differentiate. Some guidelines are available here. It is worth considering whether the UK federation will be the custodian of all federated access transactions before making this decision (i.e. internal federated resources, other collaborative resources etc.).
- Use of a centralised, federation-controlled WAYF is clearly not the most effective way of carrying out discovery and should be used as a ‘last resort’ when Identity Providers or Service Providers have no other ways of managing discovery.
- Users like embedded links in institutional repositories / portals, but more work is needed to make the creation and embedding of structured links easier and more maintainable.
- Service Providers should think long and hard about how they present log-in links to users.
I think there is some work for the access management team here…but there are some really good examples of good discovery in action.
From the Identity Provider perspective, I really like the approach taken by Margaret Flett at UCL, as described in her presentation to CPD25.
From the Service Provider perspective, I like the elegance of the SP-side WAYF created by JSTOR, which combines both Athens access and devolved access into one process.
Posted in Authorisation, Authentication, Identity Management
Posted by admin on 10th September 2007
Saw some numbers concerning Federation membership being bandied around in an IWR article. Once the reader has got past some of the inconsistencies of the piece (such as the headline writer making the mistake of considering the Federation and Shibboleth as synonymous), the message that perhaps should be drawn out of the piece is one of JISC commitment to technical open standards, and general “openness”.
One of the benefits of a JISC approach combined with an open standards approach is that all of the information concerning the Federation is public and open. This includes TWO Institutional preparedness studies which are now available in full on the web (which incidentally cover a much larger sample than the survey cited in the IWR piece), and details of membership of the federation (Institutions and Service Providers) are freely available for all to see on the Federation website. UK HE / FE is a very complex and heterogeneous environment, where “one solution” certainly does not fit all. Different strokes for different folks means the future of access management is certainly not a zero-sum game, where there can only be one choice or winner, but one of an eclectic range of provision and solutions.
JISC championing of an open standards approach, public availability of surveys and development of the Athens Shibboleth Gateways demonstrates an awareness of the need for institutions to have real choices regarding access management, based on their own individual circumstances.
Posted in Authorisation, Authentication, Institutional Audit, Joining the UK Federation