June 29, 2009


Last week, I spoke at the eema European e-Identity Management Conference. Although intended for “those in business, public sector and government who are involved in the policy, security, systems and processes surrounding identity management”, the high price tag of the conference meant it was very business oriented. This led to an interesting focus on mobile identity – an area that we haven’t touched on in much detail within JISC – but also to many concepts that we have been exploring in the JISC arena for some years such as federated identity, identity in the cloud etc. etc.

It was of course very satisfying for me to hear Kim Cameron of Microsoft talking about identity federation, interoperability with SAML, and the Cloud Identity Federation Gateway which is part of recent work at Microsoft, including the Identity Software and Services Roadmap. Cameron described identity in terms of claims based access, with a claim as an assertion that is in doubt. He sees it as the business of identity management to validate that claim. The importance of this in the changing environment is that enterprise systems used to be closed, but are now permeable with many interactions outside of the traditional firewall. These are exactly the issues which the education community has been grappling with through its adoption of SAML.

Kim finished by warning people ‘not to be the only person out there with a fax machine’. Given the focus on SAML at the conference, the adoption of the standard seems a sensible way of not being that person.

Overall, it seems as if the commercial world is in agreement with the education sector on its approaches to access and identity management, and in fact the education sector seems to be ahead in many respects in the route it has chosen. The hot topic of the conference was ‘identity in the cloud’ – my immediate reaction to this is that a fully distributed federated identity system does much of this already. We are in the right place.

(Oh, and in case you’re interested, my slides on the Tao of Attributes are here, with much thanks to Ken Klingenstein for all the input!).

Having done a number of FE events this month, I’ve got the impression that when all the to shib or not to shib deployment issues are unpacked, a reoccurring problem is the ability of LRC staff to make their case at the SMT level. It’s not that they can’t articulate it (they certainly can), but too often (and by too often, I mean based on anecdotal and entirely unscientific evidence) it seems that if it isn’t part of the IT department agenda, it can be all but impossible for FE librarians to get it onto the SMT agenda. It is somewhat ironic that just as the term Shibboleth can symbolize divide (in the biblical sense), it can also represent the sometimes divide between LRC and IT and even the divide between teaching / learning and supporting infrastructure.

I’m very happy to be told I’m wrong and if anyone is at an institution where they don’t have that divide, I would love to hear about how they have achieved that cultural change.