JISC Access Management Team

“The rumors of our death have been greatly exaggerated”

markwilliams — Thu, 17 Jul 2008 15:03:58 +0000

To miss-quote Mark Twain. The JISC access management team is remaining in place (and has always planned to be in place) until the end of this year. It doesn’t take a genuis to work out that the next few months will be very important for the UK Federation - and we will be there to offer our support.

More importantly we are here right now - and with two weeks to go to the big switch, if your institution has not joined the Federation please DO contact us to check that this isn’t going to impact on your students. There may be a few institutions that won’t feel any impact of not being in the Federation but I can’t imagine it will be many. So please get federation membership applications in. Some of you will have been waiting on decisions about third party options etc - these decisions will in most cases now have been made and joining the Federation will be the next obvious and urgent step.

CNI: the user experience and identity

nicole — Thu, 10 Jul 2008 13:49:11 +0000

This week, several of us are attending the JISC / CNI conference in Belfast. The theme of the conference is transforming the user experience. Whilst there are no specific sessions on identity management, it is an issue that keeps of creeping in to presentations.

Diana Oblinger opened the conference with an insightful presentation on Students and the Transformation of Higher Education. Diana set out a transforming approach to learning and teaching within education, which is bringing about a greater focus on collaborative learning and collaborative research. In her vision for education, she saw students and staff moving away from a reliance on single institutional affiliation and having a learning and teaching experience across multiple institutions and environments. In order to manage this vision, it will be important for us to move away from the current identity provision model that is reliant on the affiliation managing identities for their staff and student. The next step for identity management in higher education will be the tools that allow us to add our institutional affiliation rights to a more transferable identity. A big question is where will this identity be managed and by who?

Ian Rowlings’ presentation on the digital lives project matches neatly to conversations we have previously had here about the importance of managing the multiple personas we hold online. The digital lives project focuses on the need to bring together personal digital collections, but many of the questions explored by the project are equally relevant to manage digital identity itself.

I’ll keep on updating this post as the event goes on, but so far a lot of food for thought for the new access and identity management programme.

Futures Event - Identity and access management

markwilliams — Wed, 02 Jul 2008 14:54:03 +0000

We had over 60 interested participants at our event in Birmingham which was aimed at teasing out from the community, specific areas of work that should be addressed in the coming JISC capital programme spend. The breakout sesson was interesting, I expected lots of call for shiny new identity management tools. However the consensus of the group was fixed on embedding the progress that we have already made, with particular attention on developers forums, institutional support, account linking, pilots with other sectors. Outputs that would inspire and generate populist appeal were particulary called for - with the “killer app” that would really demonstrate the promise of access and identity management, considered the holy grail of outcomes.
Presentations from the event will be up soon.

Two weeks and counting

markwilliams — Wed, 18 Jun 2008 09:44:05 +0000

Thats how many school days are left before the big switch over in access management. So right now the debate is not about open source software, 3rd stream activities, cost benefit of propriety software v non proprietary software, long term strategy etc.

The single issue of importance until August is how will your students access resources on July 31st.

1. Whatever solution an institution has chosen they need to ensure that they have joined the Federation - which means sending the letter off and CONFIRMING the JANET reply email which should follow soon after. If an institution isn’t listed on this page then the process is NOT complete.

2. If an institution has opted to use an outsourced identity provider - and are planning on using ATHENS - Shibboleth Gateway to access federated resources (such as JISC collections, material at Edina MIMAS etc), they need to check that they have nominated their outsourced provider on their Federation Membership documentation. In some cases institutions may have become Federation members before they decided on a solution so won’t have put that information on their original application. They will want to revisit their documentation and notify JANET if anything has changed.

3. If an institution is NOT joining the Federation, and they may have their reasons (such as move to use of IP and Proxy solutions only)-, please contact the team here to double check the implications….

Opinions Wanted

nicole — Tue, 03 Jun 2008 17:20:25 +0000

Many of you will have seen the invitation to the Federated Access: Future Directions (no jokes about boldly going) event being held in Birmingham on 30th June 2008. The agenda is here, and we would love to see you there.

The main purpose of the event is to help us plan the next JISC programme on access and identity management. We will be holding brainstorming sessions in the afternoon to ask attendees what they would like to see in the Programme. I’d like to be able to take ideas from the community in to these meetings so we can have a solid basis to start discussion. As such I’d like to invite you all to provide suggestions for future areas of work by commenting on this posting. If you are shy, please feel free to also e-mail me directly.

To get you started, there are some ideas below. These are just ideas that have been suggested to us and comments are welcome. Our programmes are only as good as you help us make them so please do speak out.

Possible future directions for access and identity management

- a developers forum to allow for joint development of toolkits across the community with a solid coding platform and management.
- tools for librarians to manage groups.
- work to integrate attributes within ERMs.
- recommendations for extended use of attributes within institutions.
- a review of licensing of content for virtual organisations.
- more work with CardSpace and OpenID.
- a study on the importance of cultural identity and digital identity.
- pilots for pre-course access with UCAS codes.
- account linking.
- support for Shibboleth 2.0.

Today - education, tomorrow - …?

nicole — Fri, 02 May 2008 10:57:09 +0000

We are often asked if the uptake of SAML is a purely educational process, and if there is any interest from outside the sector. The simple answer is, of course! The number of commercial service providers who have joined the UK Access Management Federation is testament to their acceptance of the SAML standard as a business requirement.

There are also significant signs of SAML being taken very seriously across other sectors within the UK and internationally. At the Mobile Gov Conference, Chris Haynes of the eDelivery Team in the Cabinet Office set out the roadmap for the development of the Government Gateway - with SAML at the core of the development.

Ian McKinnell will also be talking about the NHS and SAML at the next meeting of the NHS-HE forum.

JISC is also working with a small group of museums, libraries and archives in London to look at the potential application of SAML in these institutions.

All very interesting work presenting interesting new challenges but also added confidence on the benefits of implementation against a common standard.

BT in trouble?

markwilliams — Thu, 03 Apr 2008 10:32:06 +0000

Notice that BT seems to have taken a lot of flack over its test of Phorm , which matches adverts to users’ web habits. Advertisers will probably argue that examples of such tools allow them to offer better aligned services to their prospective customers – users may well wonder where the line is drawn regarding the gathering of data about their online habits.

In the UK Federation, the line is already firmly drawn. Any user accessing resources is identified to that publisher by a random string. It’s a different generated random string for the user accessing each publisher so there can be no danger of deductive matching up of identities.

That element of protection may not seem a big deal at the moment but protection and ownership of one’s online identity will be the big issue over the next year – all sectors will no doubt come under intense scrutiny, particularly as individuals will become much more aware and savvy of the issues and principles involved. Obviously the commercial sector will bear the brunt of such examination, but UK education will receive its fair share of attention eventually. Fortunately, the move to federated access management sets up a sound basis for the protection of learners identities online, while allowing scope for the degrees and types of personalisation that publishers and users want. Users (nominally institutions) determine how much info (in attributes) to release, resource providers determine how much info they require. The worst that can happen, is that nothing happens. No unpermitted exchange of data. But unpermitted does need a little unpacking. Institutions really do need to make learners aware of their information policies. Its probably not the first question on most fresher’s lips yet, but one day…………..

Know thy self

markwilliams — Mon, 17 Mar 2008 11:50:56 +0000

It is nearly easter and although the access management D-Day is end of July, in many ways it’s actually right now. Institutions (and that means Libraries, It depts and Senior management together) will need to determine now where they actually want to be by August in order to implement whatever solution that they have chosen. For a significant number of FE institutions that means analysing their Library resources profile and IT skills and determing what they 1. want to do and b.what they can do.

Where they will be in August 2008 and more importantly Aug 2009 really has to start now. All the options are out there - don’t fall into one option later by a lack of decision now - prepare now! For many coming to the issue this late from a cold start, a stepped approach may well work best (one solution for this August while working to another longer term one by Aug 2009). Outsourcing, inhouse, IP - all options on the table - you’ll know whats best for your institution……

JISC FE Support

markwilliams — Mon, 25 Feb 2008 17:42:16 +0000

Deadline for applying for the JISC Institutional Access Management Support Project passed today. It would be fair to say that the bus is now full up, and over half the passengers from smaller FE institutions (I-J) which we particulary wanted to target. Although places on that project are now spoken for, there is still help for Institutions that have only just made a decision to deploy a shib Idp. Netskills are running excellent three day training course, JANET will be running courses of their own and of course JISC RCS’s have events planned. Most importantly the office here is still open, so if you missed the big bus give us a call and we can talk through other ways your institution can get help setting a shib Idp up.

LEGO is 50 years old, shibboleth is 2000

markwilliams — Mon, 28 Jan 2008 12:36:58 +0000

Google tells me LEGO is fifty today. To that honour, I post this link to the Lego Bible, which should show just how important it is to authenticate correctly through shibboleth………….