Opinions Wanted
Posted by nicole on June 3rd, 2008
Many of you will have seen the invitation to the Federated Access: Future Directions (no jokes about boldly going) event being held in Birmingham on 30th June 2008. The agenda is here, and we would love to see you there.
The main purpose of the event is to help us plan the next JISC programme on access and identity management. We will be holding brainstorming sessions in the afternoon to ask attendees what they would like to see in the Programme. I’d like to be able to take ideas from the community into these meetings so we can have a solid basis to start discussion. As such I’d like to invite you all to provide suggestions for future areas of work by commenting on this posting. If you are shy, please feel free to also e-mail me directly.
To get you started, there are some ideas below. These are just ideas that have been suggested to us and comments are welcome. Our programmes are only as good as you help us make them so please do speak out.
Possible future directions for access and identity management
- a developers forum to allow for joint development of toolkits across the community with a solid coding platform and management.
- tools for librarians to manage groups.
- work to integrate attributes within ERMs.
- recommendations for extended use of attributes within institutions.
- a review of licensing of content for virtual organisations.
- more work with CardSpace and OpenID.
- a study on the importance of cultural identity and digital identity.
- pilots for pre-course access with UCAS codes.
- account linking.
- support for Shibboleth 2.0.
June 4th, 2008 at 8:43 am
The “user experience” of OpenID interactions is well recognised as being an area that needs more work - hence the development of services like Clickpass and so on. I guess that the same can be said of the Federation. On that basis, funding activities that develop innovative approaches to hiding the R/SP->[WAYF]->IdP->R/SP chain or that simply try to recommend good practice in this area might be worthwhile?
Andy.
June 4th, 2008 at 9:10 am
Development of toolkits across the community would be very desirable. Once an institute has deployed Shibboleth successfully they largely have to figure out how to use it themselves. Shibboleth has many different usage patterns and is usable in many different programming languages, making this a very complex decision, with little information in the community on how to do it. I would like to see example code and configuration for the major web application programming languages (java, php, .net, python, ruby, perl) when used on apache, IIS, and via connectors like mod_proxy/fastcgi. The examples could be how to consume shib headers, how to use lazy sessions, how to use session initiators to direct users to different wayfs in one app (e.g. “Americans login here, Brits here”), how to give meaningful error messages to unauthenticated users that enable them to remedy the problem, how to use shib to set up application-specific sessions (one of the easiest integration techniques). What the implications are about session timeouts, e.g. if your session times out in a long wiki edit all the editing is lost (shib relogin kills post data).
June 4th, 2008 at 10:19 am
How about remote access management for electronic resources? With Athens, quite fine grained access could be done using permission sets, by institutional staff. With the move to Shibboleth, that dynamic capability has gone. Allowing institutional staff to create sub collections of resources based on attributes and values, without having to go through a manual process of phoning the supplier and explaining it and having to go through them to update the attributes/collections.
June 4th, 2008 at 10:21 am
What do you mean by “toolkits across the community”? Are we allowed into the core code? i.e. to get rid of the griffin page. A lot of sites would like to customise/brand/document the error displayed by an SP. A small enhancement to the Shibboleth profile could provide that. Is that level of Shibboleth code access allowed?
June 5th, 2008 at 9:26 am
At a discussion I was at yesterday with senior IS/IT managers, several people suggested that institutional managers would benefit from sharing ideas on how to secure buy-in, budget and staff time to develop their access management solutions. Various “trojan horses” were discussed as ways of getting the issue onto the table: lifelong learning networks, physical ID card access systems, and so on: various ways of selling the internal benefits of FAM. Perhaps there could be further opportunities for sharing these sorts of experience in confidence?
June 5th, 2008 at 1:36 pm
I would like to support the suggestion of more work on account linking, particularly at the interface between Education and Research and other sectors. My interest of course is the interface with the NHS and as you know we are in discussions with the National Library for Health in England about the opportunities presented by SAML-based federated access management. At the moment though this is about joint working with the two (at least) separate accounts for staff and students working across the two sectors but the holy grail is that the resource entitlements are merged seamlessly in some way.
June 11th, 2008 at 3:45 pm
At CETIS we were planning to do some consultation with the eLearning community to develop scenarios for exploring the use of OAuth; that would potentially be something that could feed into the programme planning. However, we weren’t planning on doing this until September.
June 12th, 2008 at 2:59 pm
The Business case toolkit and supporting case studies which we prepared may provide some help in this regard.