You’ve probably seen the notice from JANET concerning shib 1.3 -2.0 migration.
“We strongly recommend that sites currently running Shibboleth 1.3 in production plan to upgrade to the current version of Shibboleth well in advance of the announced EOL date. This will protect against the possibility of a forced but unplanned migration from 1.3 should a security issue or incompatibility be discovered after the EOL date has been reached.”
Well the time factor here is June, which given that falls within the teaching calender means for many institutions the next appropriate downtime when they can schedule such a transition is easter. I know of a number of institutions who are already planning what they will do IT infrastructure wise during Easter, so if you are a 1.3 institution get it onto the agenda! In some cases where the library has been pushing the Shib agenda, and the IT dept has been doing the actual work- it might mean flagging the issue again to the IT team. I would be interestedto hear any migration experiences….?
Some advice here.
if I were an Institution with shib 1.3;
I’d migrate to shib 2
if I were a Publisher who has implemented access management with shib;
I’d migrate to shib 2
if I were a publisher who has not implemented access management but said they would in 2010;
I’d go ahead and deploy shib or other SAML compatible product
if I were a member of JISC access management team;
I’d federate everything I use so it wouldn’t matter that I come back after xmas holidays and can’t remember a million passwords…..
being a Federation catalyst goes to Nicole Harris (and I2 and SWITCH).
The award really shows how far access management has come, with parts of the UK experience considered so embedded that they have become informative history as Norman Wisemans excellentpresentation at Educause demonstrates.
David Kennedy from Duke presented an incommon sponsered study concerning vendor (what Yanks call Service Providers) best practice regarding access management. Interesting to see how some common themes aligned with our publisher study and it supports us in making arguments to publishers from both sides of the Atlantic.
JISC Collections have a blog now running. Slightly strange as I’ll be posting on this one and the JC blog. It feels like I need identity management not just for access to multiple wordpress sites but for my own head. Different blogs, different styles, different things you can / should say. Anyone who follows Brian Kellys blog will have seen those issues discussed before – I for one await the day when our overlords put chips in our heads that will deal with attribute release and role management in my brain.
The final report from Cardiff University, looking at the issues surrounding the user experience when using federated access management has now been delivered to JISC and is set out on a wiki for community consultation. In response to the recommendations from the report, JISC intends to:
1. Carry out a full public consultation on the findings of the report (that’s this bit!)
2. Instigate an international competition for the design of a federated log-in brand (that’s coming)
3. Develop full brand guidelines for Service Providers;
4. Develop an easy-install tool and guide for embedded WAYFs (Where are You From Services).
We will only successfully move forward by establishing a learned consensus so we invite you to read through the report and please feel free to submit your ideas by using the comment function on the wiki or by the feedback form provided.
So particulary if you are a Service Provider (publisher), don’t waste time here, get reading (and commenting!) here
We’re organizing the FAM event for November and I’ve been slightly surprised at the fact that a few people have returned their forms indicating that they don’t wish to have their face in any photos or have their voice recorded.
Of course the right to privacy is key and in many ways what a huge part of access management is all about. And we should never assume consent. Apart from the fact that sometimes should we?
Your average public sector event is going to be attended by public sector employers, who I’m assuming will get their fares and accommodation paid for by their host institutions and they are certainly attending in an official capacity. So should we be able to say “no I don’t want my comments or questions recorded”?
Web casting is becoming more and more common – events in our field actively take into account that many more people will be actually participating than physically at the event. So is standing up for the rights of privacy doing anyone any good in this case?
There is a flip side to this – recording and broadcasting everything does make it harder to ask or make off the record comments and can inhibit frank discussion which is a key reason for events like our FAM one to take place.
I know the law on this one, but I’m not sure if I know the answer…..there is certainly a fight to be had over privacy which I’m happy to get behind but should public sector events be the battleground?
It may sound like an airport novel, but when we were introducing FAM to the world (and by world I mean UK HE / FE) one of the scare stories that doubters threw around was that it was a single point of failure – if one thing goes wrong, then you lose access etc.
As a scare story it had little effect on IT staff – who obviously are used to planning for resilience, redundancy, disaster recovery etc – but it did worry Librarians who on the whole have to worry less about such issues. It was one reason why we were so keen at briefing events for institutions to send IT and Librarians together – so they could reassure each other of the worrying bits outside each others natural domains. Well good practice on the IT front should heavily mitigate the topic of today’s title – however…. Server Certificates…..well for the non tech out there, they play a similar role to passports and work in a similar way- ie if you get to the check in desk and yours is out of date, you don’t get to go anywhere. That’s it, no negotiation, no pleading just no flight, no holiday.
And it works the same way for Publishers as well….. – makes me almost wish we had a central certificate reminding service – and I don’t mean an email and letter that sometimes get ignored given the amount off spam and junk mail we get – but no, an annoying persistent phone call that just keeps on coming until the cert is renewed….
…such as the idea of Google hosting NHS data …and times when you probably don’t…like if you are a spy on Facebook….
JISC digital conference was a breath of fresh air being particularly content focused.
Things I learned were:
That the for fans of the IT Crowd, the Internet really does reside in one box.
Galaxy zoo put a new spin on cosmic cloud computing
The Oxford great war archive really excited the historian in me.
The latter were interesting in the sense that both could benefit from federated access management and the way it can help with issues of provenance, but they would also have some issues brought up by it – particularly that of an additional possible barrier to participation. Fear of a login button(s) driving away users can be valid but that’s one of the reasons why JISC / Cardiff University recently held a publisher workshop to look at how best that can be implemented. Results I hope to be able to share by the end of the summer.