Notice that BT seems to have taken a lot of flack over its test of Phorm , which matches adverts to users’ web habits. Advertisers will probably argue that examples of such tools allow them to offer better aligned services to their prospective customers – users may well wonder where the line is drawn regarding the gathering of data about their online habits.

In the UK Federation, the line is already firmly drawn. Any user accessing resources is identified to that publisher by a random string. It’s a different generated random string for the user accessing each publisher so there can be no danger of deductive matching up of identities.

That element of protection may not seem a big deal at the moment but protection and ownership of one’s online identity will be the big issue over the next year – all sectors will no doubt come under intense scrutiny, particularly as individuals will become much more aware and savvy of the issues and principles involved. Obviously the commercial sector will bear the brunt of such examination, but UK education will receive its fair share of attention eventually. Fortunately, the move to federated access management sets up a sound basis for the protection of learners identities online, while allowing scope for the degrees and types of personalisation that publishers and users want. Users (nominally institutions) determine how much info (in attributes) to release, resource providers determine how much info they require. The worst that can happen, is that nothing happens. No unpermitted exchange of data. But unpermitted does need a little unpacking. Institutions really do need to make learners aware of their information policies. Its probably not the first question on most fresher’s lips yet, but one day…………..

Mark writes:

Had a couple of comments asking if the Institutional support ITT mentioned below ( Calling third parties ) means a change in the JISC position regarding the access management alternatives faced by institutions. Actually, far from it. Once the mechanisms are in place it will actually increase choice. At the moment a well resourced College is in a position to choose any of the three access management options, but a less resourced one may well find their theoretical choice narrowed down to one, in practice. We don’t want cost or sheer size (and therefore resourcing) of an institution to be the single determining factor in how they choose to solve access management issues, the whole issue is just so much more complicated than that. So the ITT is designed to give choice back to the smaller institutions most at risk of currently not having access to all the options. The regret is that the £225000 available for funding the support can only go so far.

And in my personal experience, once institutions have cost removed from an issue, they tend to choose very wisely indeed….

Mark writes:

JISC has just issued an ITT for third parties experienced in access management to bid to provide support to institutions who want to deploy a IdP. You might say that such support is already there, and to a degree much of it is. Particulary if you are an Institution employing an IT staff with the correct skill set, have an organised directory service, a significant subscription to JISC Collections resources and the strategic ambition to move forward on access management. However, and it is a big HOWEVER, its clear that there are enough institutions who can use the business case toolkit to determine that they want access management (and I mean the 100% proof type, not devolved outsourcing to a delegated authority), but who have also determined that its currently financially / technically out of reach. It is that group of institutions, which the successfull respondent to the ITT will be working with. The time will come for such institutions to submit applications for the help that the project will provide, but for the present - if you are a third party provider of access management support, with a desire to spend long hours setting up IdPs in grateful institutions all over the country - we want YOUR interest. And remember we encourage questions……

One of the unique issues facing the UK adoption of the SAML standard through the UK Access Management Federation is to ensure that the UK education community continues to be able to access Athens resources. To support this requirement, JISC has funded Eduserv to develop and maintain two gateways to the UK federation. These gateways are known as the Federation Gateway Services.

These Gateways are currently funded until July 2008, in line with the funding for the UK federation. Funding profiles have been agreed until July 2011 for both services and contracts will be put in place following the May round of JISC Committee meetings. It is worth highlighting that no JISC core funding has currently been contractually agreed post July 2008. This is typical practice as we have to wait for our grants from the funding councils to be confirmed.

We will continue to monitor future funding requirements beyond July 2011 in line with the JISC Services Strategy. JISC will continue to work with Eduserv on developing and enhancing the Gateway services and to ensuring that institutions adopting alternative SAML-compliant technologies such as Shibboleth will continue to be able to access Athens-protected resources at no extra cost to the institution.

The gateways allow:

• An institution using a SAML compliant technology such as Shibboleth to access Athens protected resources.
• An institution using Athens to access federated resources through the UK federation. To enable this functionality, an institution must join the UK federation and declare that they wish to use Eduserv as their ‘outsourced identity provider’.

More information can be found on the Athens website and the UK federation website.  Please note that institutions wishing to use the Athens - Shibboleth gateway will still be required to pay a subscription charge to Eduserv for direct Athens functionality - that is Athens acting on the behalf of the institution as an Identity Provider.  Charging models can be viewed here.  

There are no subscription costs for institutions adopting Shibboleth and using the Shibboleth-Athens Gateway.

If anyone has any concerns about use of these gateways please contact Nicole.