JISC Access Management Team

moving towards federated access management

Archive for January, 2010

I’m Either Famous, or Dumb…

Posted by nicole on 21st January 2010

According to recent reports, nicole is the 11th most likely password in a survey of one million (hacked) user accounts.

This leads me to the following conclusions:

  1. My impact on the access management world is so significant, I have become a standard password… OR
  2. People called Nicole are generally so dumb they are the most likely to use their own name as their password.

I’ll leave it to you to decide ;-)

Posted in Authorisation, Authentication, Identity Management

Where’s the AIM in future funding?

Posted by nicole on 14th January 2010

Given the current economic issues for HEFCE and the education sector as a whole, I read with interest the HEFCE Grant letter for 2010 / 11. The figures are reasonably unintelligible unless you are significantly involved in grant allocations, but the interesting part of these letters is always the wording around the objectives expected of HEFCE. Can we learn anything from this that relates to access and identity management?

The key focus seems to be on greater flexibility, more part-time courses, more modular courses, more partnership courses etc. etc. This does present new challenges, particularly for identity and access management.

Current models of identity management tend to assume that the student’s primary affiliated institution will provide the student with an identity / identities - predominantly an e-mail address and credentials. A more flexible model may make it increasingly difficult to manage such a process, and also raise questions about the importance of such an approach in delivering a service to the student.

The complexity of licensing and assigning authorised rights associated with a licence also becomes much more complex. If I am effectively attending four institutions, at what point in time am I authorised to access which resources in which institutions and how will you assign me these rights? Four sets of credentials? We obviously need to do much more work to look at managing multiple affiliations from an access management perspective, and also perhaps the model of institutional licensing for cross-collaboration courses. The upcoming multiple affiliations study final report from LSE and funded by Eduserv will be an interesting read, as will linking services such as the Shintau model.

The overarching model in all of this is ensuring the trust model in federated access. As we look to combine accounts and add authorisations to identities not managed by specific affiliations, how can we assure that these are well managed, revoked at the right point in time, and correctly asserted so we maintain trust? An interesting challenge for all of us I feel!

Now, how are we going to pay for it?!

Posted in Authorisation, Authentication, Identity Management

Planning Easter downtime?

Posted by markwilliams on 6th January 2010

You’ve probably seen the notice from JANET concerning shib 1.3 to 2.0 migration.

“We strongly recommend that sites currently running Shibboleth 1.3 in production plan to upgrade to the current version of Shibboleth well in advance of the announced EOL date. This will protect against the possibility of a forced but unplanned migration from 1.3 should a security issue or incompatibility be discovered after the EOL date has been reached.”

Well, the time factor here is June, which, given that it falls within the teaching calendar, means that for many institutions the next appropriate downtime when they can schedule such a transition is Easter. I know of a number of institutions who are already planning what they will do IT infrastructure-wise during Easter, so if you are a 1.3 institution get it onto the agenda! In some cases where the library has been pushing the Shib agenda, and the IT dept has been doing the actual work, it might mean flagging the issue again to the IT team. I would be interested to hear any migration experiences…?

Some advice here.

Posted in Authentication, Joining the UK Federation

Access Management New Years resolutions

Posted by markwilliams on 4th January 2010

If I were an institution with shib 1.3;
I’d migrate to shib 2
If I were a publisher who has implemented access management with shib;
I’d migrate to shib 2
If I were a publisher who has not implemented access management but said they would in 2010;
I’d go ahead and deploy shib or other SAML-compatible product
If I were a member of JISC access management team;
I’d federate everything I use so it wouldn’t matter that I come back after Xmas holidays and can’t remember a million passwords…

Posted in Authorisation, Authentication, Identity Management