JISC Access Management Team

moving towards federated access management

Archive for the 'events' Category

Last Christmas…

Posted by nicole on 2nd December 2009

Have decided to create a record of the JISC London office Christmas parties for posterity. This only goes back to 2003, so if you have any further information, please do let me know.

2003 - Boulevard Brasserie. Highlight was Leona and Liam dancing on tables in the Corner Store and the infamous baby photos quiz.

2004 - Now closed Italian restaurant in Soho. Highlight for me was being rung repeatedly between 11 pm and 1 am with people wishing me merry Christmas. I was nine months pregnant and curled up at home!

2005 - Tas and the White Hart. A very tame year, although Paul Gambaccini put in an appearance to help us with the Christmas Music Quiz :-)

2006 - Bond Themed Party at the City Inn in Westminster. Warning, the bar is very expensive. Freddie’s wig and Sarah’s Bond villainess hat were to be appreciated. Much memory loss all round.

2007 - Selfridges Hotel, Oxford Street. There were other people there so we had to behave ourselves. Highlights were my hair looking decent for once thanks to hours in the hairdressers and Mel and Al dancing to Valerie. First introduction of the fiendishly difficult Whetstone Quiz.

2008 - La Clique, London. A suitably camp venue for jiscites! Keith wins the Whetstone Quiz. Again.

2009 - 1940’s, Film Noir and The Queens Arms. ????

Posted in events | No Comments »

The Great Google Experiment

Posted by nicole on 26th November 2009

Well, OK, not that great but I like alliteration :-)

For #FAM09, we decided to make use of the Google Sites facility to manage all of our information flow around the event. We did mount information formally on the JISC website, but there is much richer information on the JISC FAM09 Google Site. This was really part of an experiment on my part as I wanted to know how efficiently Google could support our information requirements, as information is their business!

We were already using Google Docs to manage most of our information. Normally, I would then use the JISC website for the programme+BOS Surveys for the registration+slideshare for slides (copied to the JISC website)+a.n.other for audio / video+this blog+possibly something like Ning for delegates to talk about the event. Given that the JAM team is not overly resourced, I wanted to make life a lot easier for myself, so decided to see if Google could duplicate most of this functionality with a reasonable amount of ease.

My observations?

  • Ease of Use: Google Sites is pretty easy to use, and has some nice built-in tools like the ability to create different types of pages such as HTML pages, announcement pages, document pages, and widget pages. None of the team had used Google Sites before and we all picked it up pretty quickly.
  • Look and feel: Google Sites has a number of templates that you can choose from, and there are a variety of tools available for editing the templates. I managed to get ours looking a bit JISC-y. It would be nice to be able to create a formal JISC template, but I couldn’t see a way of uploading your own template. The URLs for pages are fairly sensible, and you can choose to have word or number strings for pages.
  • Forms: the forms function was very helpful and the outputs automagically created an Excel spreadsheet in our Google Docs. This was so much better and easier to manage than our normal form system so was a really big win.
  • Upload: it is fairly easy to embed a document from your Google Docs into a Google Site. Making sure that all of the permissions are set so that people can download or embed in other sites (particularly presentations) was more complex and I had to revisit permissions in both Google Docs and Google Sites several times before I got this right - leading to some requests for documents to be shared with delegates (sorry all). It was better than previously as Google does now let you set share permissions across a whole folder of documents, but still annoying. The biggest grumble was the document page template on the Google Site. This doesn’t link to Google Docs at all and you have to physically upload files on to the Sites area. An unnecessary and annoying duplication. The presentation facilities aren’t as advanced or pretty as SlideShare, but the convenience of not having to upload on yet another site was helpful.
  • Access Management: this was one of the most disappointing features of the site. To even be able to leave a comment, you needed to be logged in, and the only way to log in was with a Google ID. This was despite the fact that the site was fully open. Given this was a federated access event, this was a big fail for me.
  • User Profiles: this really links in to the point above, but it was not possible to create a proper user profile on the site. This really cut down on some of the interaction features that I would expect from a site like Ning. However, at events I have attended in the past where Ning has been used, actual meaningful use of the functions has been low. Is this really in demand as a facility?

So overall, it was a helpful, if not completely professional, approach to managing all the information for the event. I still have to finalise some details - I want to pull in some RSS feeds and look at embedding some other tools - but it worked pretty well. I will really need to consider the access management, document management and template issues before using it again. I’m also slightly worried now the Developer Happiness Days have gone all website posh on me…must keep up with the Joneses!

Posted in Authentication, Identity Management, events | 2 Comments »

I2MMFall09: Shibboleth Working Group Meeting

Posted by nicole on 5th October 2009

Hitting the ground running at Internet2 by diving straight in to the technical with the Shibboleth Working Group Meeting. So far San Antonio has been a surprise - certainly nothing like the other venues used by Internet2 over the years.

Shib 2.2 as a release on the SP side primarily provided a response to security incidents that happened over the summer. Otherwise, the main features are delegation, support for XML-valued attribute data, metadata tagging (something the UK federation has been doing for some time), simple attribute aggregation (which will be important as we move forward with the ‘interfederation’ process), and advanced metadata signature processes (good for the signer, good for security).

The meeting moved on to a discussion on user consent, and the importance of consent being built in to the Shib codebase. Consent is still a topic that is wide open for discussion within federated access, but tools are emerging such as the Swiss uApprove and, to some extent, the use of OAuth. A per-transaction consent module within Shib could be taken forward, but is it the best place for it?

Hand in hand with this comes the idea of handing the same TargetedID across a group of services, as opposed to a particular service. The current IdP implementation does not do this, but the next release is likely to do exactly this. This is interesting for the UK, as I have had several SPs ask me for this functionality as a preference to using eduPersonPrincipalName. It will be interesting to see what the people concerned with Personally Identifiable Information (PII) will say about this change!
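To make the PII trade-off concrete, here is an added example (not code from the post or from the Shibboleth project) that derives a targetedID the way the Shibboleth IdP’s computed-ID connector does, base64(SHA-1(scope ‘!’ sourceId ‘!’ salt)), and then compares scoping it per SP with scoping it across a group of SPs. The user identifier, the salt, the SP entityIDs and the group name are all constructed for the demo; how a “group of services” would be named in a real IdP configuration is an assumption.

```python
import base64
import hashlib

# Constructed demo inputs (not from the post): the user's stable source
# identifier at the IdP and the IdP's secret salt. A real deployment keeps
# the salt out of source control and never rotates it casually, because
# every released identifier changes when it does.
SOURCE_ID = "u1234567"
SALT = b"constructed-demo-salt-do-not-reuse"


def computed_id(source_id: str, scope: str, salt: bytes = SALT) -> str:
    """Opaque pairwise identifier, following the construction the Shibboleth
    IdP uses for its computed ID: base64(SHA-1(scope '!' sourceId '!' salt)).
    With scope = the SP's entityID this is today's per-SP targetedID. Passing
    a group identifier instead (the group naming is an assumption for the
    demo) gives every SP in that group the same value."""
    h = hashlib.sha1()
    h.update(scope.encode())
    h.update(b"!")
    h.update(source_id.encode())
    h.update(b"!")
    h.update(salt)
    return base64.b64encode(h.digest()).decode()


def per_sp(source_id: str, sp_entity_ids) -> dict:
    """Current behaviour: a different value for every SP, so two SPs cannot
    join their records about this user without help from the IdP."""
    return {sp: computed_id(source_id, sp) for sp in sp_entity_ids}


def per_group(source_id: str, group_id: str, sp_entity_ids) -> dict:
    """Proposed behaviour: one value shared across the group. Members of the
    group can correlate the user among themselves; that is the PII cost,
    although the value still does not reveal source_id without the salt."""
    shared = computed_id(source_id, group_id)
    return {sp: shared for sp in sp_entity_ids}


def linkable(released: dict) -> bool:
    """True if any two SPs in this release map were handed the same identifier."""
    return len(set(released.values())) < len(released)


if __name__ == "__main__":
    sps = ["https://sp-a.example.ac.uk/shibboleth",
           "https://sp-b.example.ac.uk/shibboleth"]
    for label, ids in (("per-SP", per_sp(SOURCE_ID, sps)),
                       ("per-group", per_group(SOURCE_ID, "urn:x-demo:group:library-services", sps))):
        print(label, "linkable across SPs:", linkable(ids))
        for sp, value in ids.items():
            print("  ", sp, "->", value)
```

The check that matters for the PII discussion is `linkable`: the per-SP map never trips it, the per-group map always does, and neither map overlaps the other, so a group member still cannot correlate the user with an SP outside the group.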

Discussions moved on to ‘interfederation’. One of the important places to start when thinking about interfederation is that federations do not ‘own’ entities and the entities themselves have no real concept of the construct that is a federation. This, and the standards basis of SAML2, makes entities highly mobile. One of the ways of dealing with the interfederation question is to look at metadata aggregation. In this model:

  • Metadata registrars take on the technical trust (e.g. registering an entity).
  • ‘Federations’ then deal with behavioural trust (e.g. policies for a specific community).
  • Registrars and federations MAY be colocated.
  • Federations can use multiple registrars to create a metadata aggregation with specific processes wrapped around it for the community requirements.

Metadata ‘richness’ was then discussed. Metadata aggregation should be able to cope with this, but it is important that policy is not implemented at this level - for example metadata extensions could point to policies, but should never direct them.
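As an added illustration of the registrar/federation split described above (example code, not anything from the meeting or from any federation’s aggregator), the block below reads constructed SAML metadata, uses the `mdrpi:RegistrationInfo` extension to decide which registrar vouches for each entity, and keeps entity-attribute tags only as pointers that a federation’s own policy table turns into policy. The registrars, entityIDs, category URI and policy URLs are all constructed for the demo, and the two-layer filtering is one possible design rather than an agreed process.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ENTITY_CATEGORY = "http://macedir.org/entity-category"

# Constructed registrars, entities and tags for the demo (not real federation data).
REGISTRAR_A = "https://registrar-a.example"
REGISTRAR_B = "https://registrar-b.example"
REGISTRAR_C = "https://registrar-c.example"
SP1 = "https://sp1.uni-a.example/shibboleth"
IDP1 = "https://idp.uni-a.example/idp/shibboleth"
SP2 = "https://sp2.uni-b.example/shibboleth"
ORPHAN = "https://orphan.example/shibboleth"
SP3 = "https://sp3.uni-c.example/shibboleth"
RESEARCH_TAG = "https://community.example/category/research-collaboration"


def entity_xml(entity_id, registrar=None, tags=()):
    """Minimal EntityDescriptor carrying RegistrationInfo and entity-category tags."""
    ext = ""
    if registrar:
        ext += f'<mdrpi:RegistrationInfo registrationAuthority="{registrar}"/>'
    if tags:
        values = "".join(f"<saml:AttributeValue>{t}</saml:AttributeValue>" for t in tags)
        ext += (f'<mdattr:EntityAttributes><saml:Attribute Name="{ENTITY_CATEGORY}">'
                f"{values}</saml:Attribute></mdattr:EntityAttributes>")
    return f'<md:EntityDescriptor entityID="{entity_id}"><md:Extensions>{ext}</md:Extensions></md:EntityDescriptor>'


def feed_xml(*entities):
    decls = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return f"<md:EntitiesDescriptor {decls}>{''.join(entities)}</md:EntitiesDescriptor>"


# Three registrar feeds: B also claims SP1 (a conflict) and publishes an
# entity with no RegistrationInfo at all; C is not trusted by this federation.
FEED_A = feed_xml(entity_xml(SP1, REGISTRAR_A, [RESEARCH_TAG]), entity_xml(IDP1, REGISTRAR_A))
FEED_B = feed_xml(entity_xml(SP2, REGISTRAR_B), entity_xml(SP1, REGISTRAR_B), entity_xml(ORPHAN))
FEED_C = feed_xml(entity_xml(SP3, REGISTRAR_C))


def parse_feed(xml_text):
    """One record per EntityDescriptor: who registered it and which tags it carries."""
    root = ET.fromstring(xml_text)
    records = []
    for ed in root.iter(f"{{{NS['md']}}}EntityDescriptor"):
        reg = ed.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        path = (f"md:Extensions/mdattr:EntityAttributes/saml:Attribute[@Name='{ENTITY_CATEGORY}']"
                "/saml:AttributeValue")
        tags = [v.text.strip() for v in ed.findall(path, NS) if v.text]
        records.append({
            "entityID": ed.get("entityID"),
            "registrar": reg.get("registrationAuthority") if reg is not None else None,
            "tags": tags,
        })
    return records


def aggregate(feeds, trusted_registrars):
    """Registrar layer (technical trust): keep entities a trusted registrar vouches for.
    Unregistered entities are dropped; an entityID claimed by two registrars is a
    conflict for a human to resolve rather than something to merge silently."""
    owner, accepted, rejected, conflicts = {}, [], [], []
    for feed in feeds:
        for rec in parse_feed(feed):
            if rec["registrar"] not in trusted_registrars:
                rejected.append(rec["entityID"])
            elif rec["entityID"] in owner and owner[rec["entityID"]] != rec["registrar"]:
                conflicts.append(rec["entityID"])
            elif rec["entityID"] not in owner:
                owner[rec["entityID"]] = rec["registrar"]
                accepted.append(rec)
    return accepted, rejected, conflicts


def community_view(entities, policy_table):
    """Federation layer (behavioural trust): a tag in metadata only points at a
    policy; what it means for this community is decided by the federation's own
    policy_table (tag -> policy document), never by the metadata itself."""
    view = []
    for rec in entities:
        policies = [policy_table[t] for t in rec["tags"] if t in policy_table]
        if policies:
            view.append({"entityID": rec["entityID"], "policies": policies})
    return view


if __name__ == "__main__":
    accepted, rejected, conflicts = aggregate([FEED_A, FEED_B, FEED_C], {REGISTRAR_A, REGISTRAR_B})
    print("accepted:", [r["entityID"] for r in accepted])
    print("rejected:", rejected, "conflicts:", conflicts)
    print(community_view(accepted, {RESEARCH_TAG: "https://federation.example/policy/research-collaboration"}))
```

Signature checking of each registrar’s feed is deliberately left out; in practice it sits in front of `parse_feed`, and a feed that fails verification should contribute nothing rather than be filtered entity by entity.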

Posted in Authorisation, Authentication, Identity Management, events | No Comments »

A Different Perspective on Identity

Posted by nicole on 29th June 2009

Last week, I spoke at the eema European e-Identity Management Conference. Although intended for “those in business, public sector and government who are involved in the policy, security, systems and processes surrounding identity management”, the high price tag of the conference meant it was very business oriented. This led to an interesting focus on mobile identity - an area that we haven’t touched on in much detail within JISC - but also to many concepts that we have been exploring in the JISC arena for some years such as federated identity, identity in the cloud etc. etc.

It was of course very satisfying for me to hear Kim Cameron of Microsoft talking about identity federation, interoperability with SAML, and the Cloud Identity Federation Gateway which is part of recent work at Microsoft, including the Identity Software and Services Roadmap. Cameron described identity in terms of claims based access, with a claim as an assertion that is in doubt. He sees it as the business of identity management to validate that claim. The importance of this in the changing environment is that enterprise systems used to be closed, but are now permeable with many interactions outside of the traditional firewall. These are exactly the issues which the education community has been grappling with through its adoption of SAML.

Kim finished by warning people ‘not to be the only person out there with a fax machine’. Given the focus on SAML at the conference, the adoption of the standard seems a sensible way of not being that person.

Overall, it seems as if the commercial world is in agreement with the education sector on its approaches to access and identity management, and in fact the education sector seems to be ahead in many respects in the route it has chosen. The hot topic of the conference was ‘identity in the cloud’ - my immediate reaction to this is that a fully distributed federated identity system does much of this already. We are in the right place.

(Oh, and in case you’re interested, my slides on the Tao of Attributes are here, with much thanks to Ken Klingenstein for all the input!).

Posted in Authorisation, Authentication, Identity Management, events | No Comments »

TNC2009: Opening Plenary

Posted by nicole on 8th June 2009

Plenary session starts at TNC2009 with a focus on the importance of communities of practice within science infrastructures. This echoes back to the discussions we had in the REFEDS meeting yesterday on the importance of allowing communities to define their identity assurance profiles - I’ve been arguing for some time that this is not something that federations should be in the business of creating as they do not represent a community of practice.

After the usual dry GÉANT3 stuff, we get on to the session that might explain why I am currently holding 3D glasses in my hands. Jorge Cortell from Kanteron Systems is here to talk about augmented reality - specifically in healthcare. Augmented reality is being used in the operating room to project very specific scans on to the patient’s body. This means that a doctor knows exactly where they need to operate - saving important time when, for example, removing a difficult to locate tumour. Anchoring points are used to ensure the image is located in the correct location on the patient’s body. This is patient specific - we all have specific anatomical abnormalities. The benefits are less pain, less medication, lower risk, and lower costs.

Posted in Authorisation, Authentication, Identity Management, events | No Comments »

TNC2009: Buses a-Roaming

Posted by nicole on 7th June 2009

The day seemed to start well, when we discovered that all the local bus stops in Malaga were advertising the TERENA conference - a marvellous piece of comms work!

terena-bus

Things started to go less well when we realised there was a local bicycle race on that meant our bus was redirected - and we didn’t know where! In the end, flagging down a local taxi was the only option.

The return back to the hotel was slightly more successful, particularly when it was revealed that eduroam was available on the bus!

eduroam-bus

A lesson for us in the UK - we are struggling to get eduroam live in the JISC London Office…maybe we can hire the Malaga bus authorities to do the job for us?

Posted in Authorisation, Authentication, Identity Management, events | 2 Comments »

Internet2 Spring 2009: Shibboleth Working Group

Posted by nicole on 27th April 2009

Sessions at the Internet2 Shibboleth Working Group are now underway in Arlington.

First up is Russell Beall, presenting on the use of Terracotta for clustering IdPs for high availability. I won’t say much about this now as it is well described here. The presentation is also available online and describes the process well. Given that I have heard quite a few comments on IdPs in the UK falling over lately, it may be of interest!

Major changes and features in Shib2.2 are next, and these are described on the Spaces wiki. Scott Cantor believes that this will be the last major release of the SP for quite some time, and is working towards a June release date.

Two developments within the IdP that may be of interest:

  • “uPortal” n-tier delegation support. More on this tomorrow!
  • The uApprove work will be of interest to those looking at user consent. This allows users to see the information that is being sent to the Service Provider and to decide whether that information should be released. Users can also be prompted to accept a ‘terms of use’ statement. This is available as an IdP plugin. There are some further developments to be done - such as providing user-friendly Service Provider names, rather than entityIDs. There is also the ability to allow IdPs to create blanket rules around attributes that should never be released to external SPs. The uApprove log maintains an audit trail to prove that users approved the release or non-release of information.
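The uApprove behaviour described above, as an added example (not uApprove’s own code, nor anything from the working group) of what a consent module in front of attribute release has to do: apply the IdP’s blanket never-release rule for external SPs first, remember consent per user and SP keyed on the exact attribute set so any change re-prompts, and write every decision, including the policy block, to an append-only audit trail. The home domain, the never-release list, the attribute values and the way “external” is decided from the SP entityID are all constructed assumptions for the demo.

```python
import hashlib
import json
import time

# Assumed IdP-side rules (not from the post): attributes never released to SPs
# outside the home organisation, and the organisation's own DNS domain.
NEVER_RELEASE_EXTERNALLY = {"eduPersonPrincipalName", "mail"}
HOME_DOMAIN = "example.ac.uk"


def is_external(sp_entity_id: str) -> bool:
    """Assumption for the demo: an SP is external unless its entityID host sits
    under HOME_DOMAIN. A real IdP would decide this from metadata, not the URL."""
    host = sp_entity_id.split("//", 1)[-1].split("/", 1)[0]
    return not (host == HOME_DOMAIN or host.endswith("." + HOME_DOMAIN))


def fingerprint(attrs: dict) -> str:
    """Stable hash of the attribute names and values the SP would receive.
    Consent is keyed on this, so any change in what is sent re-prompts the user."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class ConsentModule:
    def __init__(self, ask_user):
        # ask_user(user, sp_entity_id, attrs) -> bool stands in for the consent page.
        self.ask_user = ask_user
        self.decisions = {}   # (user, sp) -> fingerprint of the approved attribute set
        self.audit = []       # append-only trail of every decision taken

    def _log(self, **event):
        event["ts"] = time.time()
        self.audit.append(event)

    def release(self, user: str, sp: str, attrs: dict):
        """Return the attributes the IdP may put in the assertion, or None if the
        user declined (in which case no assertion must be issued)."""
        # 1. Blanket IdP rule: strip attributes that never go to external SPs.
        if is_external(sp):
            blocked = sorted(set(attrs) & NEVER_RELEASE_EXTERNALLY)
            attrs = {k: v for k, v in attrs.items() if k not in NEVER_RELEASE_EXTERNALLY}
            if blocked:
                self._log(user=user, sp=sp, action="blocked-by-policy", attributes=blocked)
        # 2. Per-transaction consent, remembered until the released set changes.
        fp = fingerprint(attrs)
        if self.decisions.get((user, sp)) == fp:
            self._log(user=user, sp=sp, action="released-prior-consent", fingerprint=fp)
            return attrs
        approved = self.ask_user(user, sp, attrs)
        self._log(user=user, sp=sp, action="approved" if approved else "denied",
                  attributes=sorted(attrs), fingerprint=fp)
        if not approved:
            return None
        self.decisions[(user, sp)] = fp
        return attrs


if __name__ == "__main__":
    # Constructed attribute set and SPs for the demo.
    attrs = {"eduPersonPrincipalName": "alice@example.ac.uk",
             "eduPersonScopedAffiliation": "member@example.ac.uk"}
    module = ConsentModule(lambda user, sp, a: True)
    print(module.release("alice", "https://sp.vendor.example/shibboleth", attrs))
    print(module.release("alice", "https://vle.example.ac.uk/shibboleth", attrs))
    for event in module.audit:
        print(event["action"], event.get("attributes", ""))
```

Note that the policy block is logged even though the user never sees those attributes on the consent page; without that entry the audit trail could not show why an SP received less than it asked for.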

Shibboleth 2.3 ‘may’ include back-channel single logout, more intelligent installation and configuration tools, real-time metadata generation, a clustering solution based on HA-Shib, and SPNEGO authentication.

Posted in Authorisation, Authentication, events | No Comments »

Grouper and CoManage

Posted by nicole on 27th April 2009

I’m spending the first morning at the Spring Internet2 meeting focusing on Grouper and COmanage, which fits in nicely with the discussions on the jisc-shib list on extending attribute usage.

Upcoming functionality in v1.5.0 of Grouper: namespace transition (i.e. the ability to move and copy groups), audit facilities, indirect membership management, and possible work on the attribute framework (adding parameters to groups so that what a role can do is fully described).

One of the interesting questions is around the attribute framework. The work of the Signet application, which assigned privileges to groups and individuals, did not take off as a standalone piece of work. This is now being developed as part of both Grouper and COmanage, but more work is needed to support this complex information flow.

The question of user interfaces was discussed by the group. SURFnet has done some work on a simple GUI to allow people to log in with a federated ID and then manage their own groups. The University of Washington is about to move towards a Grouper implementation. The UI within the Grouper package is not seen as applicable to end-users - it is purely for systems administrators - so more work is needed in this area. In the UK, the University of Newcastle has done some work in this area as part of the G-FIVO project. For Grouper to be really applicable in the UK, I think that more work is needed on the UI issue - this may be an interesting area for the upcoming Access and Identity Management Programme.

Another area for development is the position of groups management within the institutional hierarchy, and understanding of ‘official’ institutional groups and hierarchy and those that have been developed for other purposes. The ‘official’ status of a group is very difficult to determine, but it is important to understand where and how a group was developed and its role within the institution. This will increase the opportunities for reuse of groups and labels - a positive thing from a management perspective.

COmanage is intended to be undetectable to end-users. COmanage being used in relation to Confluence should look like Confluence for end-users. However, unlike Grouper, COmanage is intended to focus on user interfaces to allow a larger group of users to create and manage groups to facilitate wider use of collaboration management.

Some of the issues raised by the attendees at the group session were:

  • Regular versus virtual organisations: revocation of user rights becomes complex;
  • Pushing the tool beyond the educational domain;
  • ‘Domesticating’ other tools to work with COmanage;

Posted in Authorisation, Authentication, Strategy and Policy, Identity Management, events | 1 Comment »

What the Twitter?

Posted by nicole on 2nd April 2009

Back from UKSG and as usual found it to be a very useful event. The most common question I was asked other than questions about access management was, “this twitter thing, I don’t get it, what are you doing?”.

I spent quite a bit of the conference contributing to the twittering about the event at #UKSG09 and writing up sessions on both this blog and the Live Serials blog (an excellent record of the event by the way). I’m quite lucky in that I find it easy to write up sessions on the hoof, and actually find the need to explain a session to another audience helps me concentrate and focus more on what the speaker is saying. As many of you will know, I was a big twitter sceptic until a short while ago. So…

Why have I changed my mind?

  1. It is a great way to be a virtual attendee at an event. I missed the JISC conference this year through illness but got a lot out of both the podcasts of the event and even more by being able to talk to people who were in session.
  2. It enhances events as a back channel. The value that was added to each presentation at #uksg09 through twitter was impressive – people sent links, definitions of strange terms used, asked questions they didn’t have the chance to pose to the speakers, evaluated speakers on the fly, compared notes cross parallel sessions, and provided amusement when things were flat. A review of the #uksg09 tweets will probably be a far more useful event evaluation process than a review of the delegate evaluation forms.
  3. It is as useful as a news channel as any of my other RSS feeds.
  4. It is a good way of making new contacts and keeping in contact with colleagues. I met several publishers face to face via twitter, and also learn a lot about what is going on in JISC – an almost impossible task normally due to the size and variance of our work.

What have I learnt?

  1. Twitter is not e-mail – it is of the moment. You don’t have to and probably shouldn’t try and go back and read all the updates from people you are following if you have been offline for some time. This is not your in-tray.
  2. Use # tags wisely and well. If you want to review an area retrospectively, search # tags, not friends. If you want to be able to review areas retrospectively, use # tags so that you and others can easily find the information.
  3. Instead of, not as well as. Blogs and microblogging can replace other types of communication and shouldn’t be seen as just another thing to do. If I’ve written up events on the blog, I don’t then write up separately in a formal report. If I’ve made a point on the blog or via twitter, I don’t send out via mailing lists as well. I don’t use either channel to rehash press releases but try to use as a way of indicating my thoughts on a topic.
  4. Practice makes perfect. Everyone uses blogging and microblogging in slightly different ways but unless you give it a go, you won’t find your way of using it. You will make mistakes – tweeting too much of what a speaker is saying, tagging something to a formal event which is irrelevant to that tag, quickly venting and regretting later – but all of these are true of any form or medium of communication.

Finally, if you want to comment on work being carried out on federated access within the UK, please use the tag #ukfed.

Posted in Strategy and Policy, Programme Management, events | 1 Comment »

UKSG: Plenary Session 4

Posted by nicole on 31st March 2009

Understanding and Recognising Research Excellence: Jay Katzen

Katzen starts by saying that technology is being touted as the way out of the economic crisis, but the reality is that people are pulling back because they are unsure of the future. Lean times = lean research, but there are inefficiencies in current research that can be improved to ensure that more data is processed, not less. How should performance be measured to ensure the best results? Existing processes, such as the RAE2008, have shown a significant downturn for institutions based on the performance measured. Accountability measures will increase, but they need to be transparent to the users.

Some of the major issues that are faced:

  • Research measures tend to be on a country by country basis, but research has responded to globalisation - the old metric processes are no longer viable in this environment.
  • Researchers are spending more time finding information than they are analysing information.
  • Competition is intense - only 15% approval rate for National Science Foundation grants.

Publishers are not doing enough to support the whole research system and all of the activities that researchers are engaged with. This needs to be connected across the entire workflow and is needed to reduce the cycle time and improve the output of researchers. Improved efficiency in research will only help and support the publishing market.

Vice-chancellors and other senior leaders should be asking:

  • are my strategic decisions effective?
  • am I capitalising on new hot areas?
  • where is my strategic focus?
  • who are my competitors and how are they performing
  • how is my competency portfolio performing?

Current performance measures do not support the process of answering these questions. More focus should be placed on understanding your institution’s distinct competencies. Comparisons need to be like for like, not institution against institution or even department versus department (i.e. comparing activities just in stem cell research rather than across the board).

In summary, lean research is about taking a deeper look at research activity workflows and identifying improvement opportunities. Publishers and libraries both have a role to play in this process.

Posted in events | No Comments »