Thats how many school days are left before the big switch over in access management. So right now the debate is not about open source software, 3rd stream activities, cost benefit of propriety software v non proprietary software, long term strategy etc.

The single issue of importance until August is how will your students access resources on July 31st.

1. Whatever solution an institution has chosen they need to ensure that they have joined the Federation - which means sending the letter off and CONFIRMING the JANET reply email which should follow soon after. If an institution isn’t listed on this page then the process is NOT complete.

2. If an institution has opted to use an outsourced identity provider - and are planning on using ATHENS - Shibboleth Gateway to access federated resources (such as JISC collections, material at Edina MIMAS etc), they need to check that they have nominated their outsourced provider on their Federation Membership documentation. In some cases institutions may have become Federation members before they decided on a solution so won’t have put that information on their original application. They will want to revisit their documentation and notify JANET if anything has changed.

3. If an institution is NOT joining the Federation, and they may have their reasons (such as move to use of IP and Proxy solutions only)-, please contact the team here to double check the implications….

Many of you will have seen the invitation to the Federated Access: Future Directions (no jokes about boldly going) event being held in Birmingham on 30th June 2008. The agenda is here, and we would love to see you there.

The main purpose of the event is to help us plan the next JISC programme on access and identity management. We will be holding brainstorming sessions in the afternoon to ask attendees what they would like to see in the Programme. I’d like to be able to take ideas from the community in to these meetings so we can have a solid basis to start discussion. As such I’d like to invite you all to provide suggestions for future areas of work by commenting on this posting. If you are shy, please feel free to also e-mail me directly.

To get you started, there are some ideas below. These are just ideas that have been suggested to us and comments are welcome. Our programmes are only as good as you help us make them so please do speak out.

Possible future directions for access and identity management

- a developers forum to allow for joint development of toolkits across the community with a solid coding platform and management.
- tools for librarians to manage groups.
- work to integrate attributes within ERMs.
- recommendations for extended use of attributes within institutions.
- a review of licensing of content for virtual organisations.
- more work with CardSpace and OpenID.
- a study on the importance of cultural identity and digital identity.
- pilots for pre-course access with UCAS codes.
- account linking.
- support for Shibboleth 2.0.

We are often asked if the uptake of SAML is a purely educational process, and if there is any interest from outside the sector. The simple answer is, of course! The number of commercial service providers who have joined the UK Access Management Federation is testament to their acceptance of the SAML standard as a business requirement.

There are also significant signs of SAML being taken very seriously across other sectors within the UK and internationally. At the Mobile Gov Conference, Chris Haynes of the eDelivery Team in the Cabinet Office set out the roadmap for the development of the Government Gateway - with SAML at the core of the development.

Ian McKinnell will also be talking about the NHS and SAML at the next meeting of the NHS-HE forum.

JISC is also working with a small group of museums, libraries and archives in London to look at the potential application of SAML in these institutions.

All very interesting work presenting interesting new challenges but also added confidence on the benefits of implementation against a common standard.

Notice that BT seems to have taken a lot of flack over its test of Phorm , which matches adverts to users’ web habits. Advertisers will probably argue that examples of such tools allow them to offer better aligned services to their prospective customers – users may well wonder where the line is drawn regarding the gathering of data about their online habits.

In the UK Federation, the line is already firmly drawn. Any user accessing resources is identified to that publisher by a random string. It’s a different generated random string for the user accessing each publisher so there can be no danger of deductive matching up of identities.

That element of protection may not seem a big deal at the moment but protection and ownership of one’s online identity will be the big issue over the next year – all sectors will no doubt come under intense scrutiny, particularly as individuals will become much more aware and savvy of the issues and principles involved. Obviously the commercial sector will bear the brunt of such examination, but UK education will receive its fair share of attention eventually. Fortunately, the move to federated access management sets up a sound basis for the protection of learners identities online, while allowing scope for the degrees and types of personalisation that publishers and users want. Users (nominally institutions) determine how much info (in attributes) to release, resource providers determine how much info they require. The worst that can happen, is that nothing happens. No unpermitted exchange of data. But unpermitted does need a little unpacking. Institutions really do need to make learners aware of their information policies. Its probably not the first question on most fresher’s lips yet, but one day…………..

It is nearly easter and although the access management D-Day is end of July, in many ways it’s actually right now. Institutions (and that means Libraries, It depts and Senior management together) will need to determine now where they actually want to be by August in order to implement whatever solution that they have chosen. For a significant number of FE institutions that means analysing their Library resources profile and IT skills and determing what they 1. want to do and b.what they can do.

Where they will be in August 2008 and more importantly Aug 2009 really has to start now. All the options are out there - don’t fall into one option later by a lack of decision now - prepare now! For many coming to the issue this late from a cold start, a stepped approach may well work best (one solution for this August while working to another longer term one by Aug 2009). Outsourcing, inhouse, IP - all options on the table - you’ll know whats best for your institution……

Deadline for applying for the JISC Institutional Access Management Support Project passed today. It would be fair to say that the bus is now full up, and over half the passengers from smaller FE institutions (I-J) which we particulary wanted to target. Although places on that project are now spoken for, there is still help for Institutions that have only just made a decision to deploy a shib Idp. Netskills are running excellent three day training course, JANET will be running courses of their own and of course JISC RCS’s have events planned. Most importantly the office here is still open, so if you missed the big bus give us a call and we can talk through other ways your institution can get help setting a shib Idp up.

Google tells me LEGO is fifty today. To that honour, I post this link to the Lego Bible, which should show just how important it is to authenticate correctly through shibboleth………….

Noticed Eduserv are funding FE / HE to explore an “examination of establishing an online identity in a particular community”. Thats good news as it complements the work JISC is doing on its own Identity project, and also highlights how social networking tools are impacting how we perceive identity. The blurring of traditional identity managemnet is also all the more reason why HE / FE institutions should adopt improved control over management of their own students identities, which of course, technologies such as Shibboleth allow. For those on the “do nothing” side of the access management fence, its worth looking at what a burning issue identity is becoming among students, who may well become aware of it through social networking, but will easily make the species / system leap and perhaps put under the microscope their own identity relationship with their host institutions.

With apologies to Edmond Burke, Such a warning reminds me that “all it takes for confusion to flourish is for librarians to do nothing”

There has obviously been a lot of debate in the last two days surrounding the regrettable announcement that JISC will no longer be funding the Federation Gateway Services. This has lead to people asking questions such as ‘why did we go down this Shibboleth route at all?’. I thought it might be useful to go back to the beginning. Below is the vision statement (we are very MSP here) for the Access Management Transition Programme. I think it sums things up quite nicely.

The JISC Access Management Transition Programme aims to change the access management landscape within UK Further and Higher Education from a system predominantly based on proprietary systems to one with open standards at its core. The primary enabler of this change will be the introduction of federation access management and a strong recommendation to all institutions and organisations involved in education to implement access management solutions based on the SAML (Security Assertion Mark-Up Language) standard.

In supporting an open standards approach, rather than any particular technology, JISC hopes to:

Improve the business decisions made by institutions in relation to identity, access and resource management

Increase the commercial choice to institutions in relation to identity and access management technologies.

Reduce the impact and cost of vendor lock-in within the JISC community.

Embed knowledge within the community, rather than within any one organisation.

Place the principles of the JISC Information Environment at the core of the implementation of access management within its community.

Move towards a single sign-on environment for UK Further and Higher Education institutions across internal, external, and collaborative resources.

The JISC Access Management Transition Programme runs from July 2006 – December 2008, and is funded and supported by the JISC Integrated Information Environment Committee (JIIE). Funding of £2.2 million has been allocated to this programme.

I will be attending the next meeting of the McShib group next friday, and I am looking forward to it very much!

As part of my preparation, I had a quick look at the UK federation membership status for all of the institutions in Scotland. Currently:

• Two FE Colleges within the remit of RSC Scotland North and East are members - Dundee College and Borders College. By my rough calculations, that leaves 21 to go.
• One FE College within the remit of RSC Scotland South and West is a member - Reid Kerr College. Again, that leaves about 19 to go.

It strikes me that these colleges might well think about a joint approach to the recent JISC call offering direct support to smaller FE colleges in adopting federated access management.

• 10 of the 18 Higher Education Institutions in Scotland are members of the UK federation, and most are fairly well advanced in the deployment of federated access technologies. A focus on the roll-out to users and library concerns would be helpful for these institutions.
• 3 Scottish HE institutions are considered to be in the most at risk category in terms of adopting federated access: University of the West of Scotland, RSAMD and Robert Gordon University.
• 2 Scottish HE institutions are considered to a risk 4 (out of 5): Glasgow School of Art and Queen Margaret University, Edinburgh.
• 2 Scottish HE institutions are considered to be a risk 2 (out of 5): University of St Andrews and Edinburgh College of Art
• 1 Scottish HE is considered to be a risk 1 (out of 5): Glasgow Caledonian University.

UK federation Members

Heriot-Watt University
Napier University
University of Aberdeen
University of Abertay Dundee
University of Dundee
University of Edinburgh
University of Glasgow
UHI
University of Stirling
University of Strathclyde

Scottish Higher Education - non members

Risk 5 - University of the West of Scotland
Risk 5 - Robert Gordon University Now Member!
Risk 5 - Royal Scottish Academy of Music and Drama
Risk 4 - Glasgow School of Art
Risk 4 - Queen Margaret University, Edinburgh
Risk 2 - University of St Andrews Now Member!
Risk 2 - Edinburgh College of Art
Risk 1 - Glasgow Caledonian University

RSC Scotland North and East

Aberdeen College, Aberdeen
The Adam Smith College, Glenrothes
Angus College, Angus
Banff and Buchan College, Fraserburgh
Borders College, Galashiels MEMBER
Dundee College, Dundee MEMBER
Edinburgh’s Telford College, Edinburgh Now Member!
Elmwood College, Cupar
Forth Valley College, Falkirk
Inverness College, Inverness
Jewel and Esk Valley College, Dalkeith
Lauder College, Dunfermline
Lews Castle College, Isle of Lewis
Moray College, Elgin
Newbattle Abbey College, Dalkeith
Oatridge Agriculture College, Broxburn
Orkney College, Orkney
Perth College, Perth
Sabhal Mor Ostaig, Isle of Skye
Shetland College of Further Education, Lerwick
Stevenson College, Edinburgh
The North Highland College, Thurso
West Lothian College, Livingston

RSC Scotland South and West

Anniesland College, Glasgow Now Member!
Ayr College, Ayr
Barony College, Parkgate
Cardonald College, Glasgow Now Member!
Central College of Commerce, Glasgow
Clydebank College, Clydebank
Coatbridge College, Coatbridge
Cumbernauld College, Cumbernauld Now Member!
Dumfries and Galloway College, Heathhall
Glasgow College of Nautical Studies, Glasgow
Glasgow Metropolitan College, Glasgow
James Watt College of Further and Higher Education, Greenock
John Wheatley College, Glasgow
Kilmarnock College, Kilmarnock
Langside College of Glasgow
Motherwell College, Motherwell
North Glasgow College, Springburn
Reid Kerr College, Paisley MEMBER
South Lanarkshire College, Cambuslang
Stow College, Glasgow