So, after my Identity Ramblings of yesterday, something a little more concrete and hopefully useful. As keen followers of my blog will know (both of you) we’ve been trying to do some work within JISC to help institutions better understand who their users are. I’ve been particularly focusing on students and the JISC Collections licenses recently – one of the simple changes I have asked JC to make is to remove the words “including but not limited to undergraduate and postgraduate” from their authorised user description as I don’t think the words are very helpful and have in fact confused lots of people.
To make my life much much easier, the lovely lovely people at Cardiff have recently published the work they did in order to identify all of their user types, whether they are a member or not and what access rights they have. This has now been published as part of the Identity Management Toolkit and my advice would be:
- Read it!
- Plagiarise it!
- Do your own audit!
There are 5 pdf documents. Print them, consume them and you will find them most useful. For those of you particularly interested in the student definition section, you will find this in the Table document. There is a whole section on student types, whether these are perceived to be a ‘member’ of the university, and for the libraries whether they are entitled to library e-resource access. The interesting thing to note is that there is NOT a direct correlation between member and right to access. For example, Cardiff have determined that ‘Dental Students on CU Diploma Course’ are not members, but do have access to e-resources. This brings about interesting questions in the Shibboleth world – if these students are not being provisioned with the attribute ‘firstname.lastname@example.org’ what is the best way to ensure they have an appropriate attribute for shibboleth access?
This is an excellent piece of work. Many thanks to David Harrison for taking the brave step to make this public, and to John Paschoud for including in the Toolkit. If people do take this work up, we’d be very interested in seeing the results made publicly available and I’m sure the Toolkit people would be more than happy to continue to link to case studies. On this note, we are hoping (subject to the wary world of budget cuts we are all experiencing) to launch some early adopter style work building on top of the toolkit later on this year – you might want to think about this type of audit as a potential bid for your institution?
The IdM Toolkit includes a very thorough how-to section on conducting an institutional audit of whatever identity management is already going on. See https://gabriel.lse.ac.uk/twiki/bin/view/Projects/IdMToolkit/ToolkitAudit if you want to jump right into it. Cardiff initially used this, but have gone further in their classification of types of people affiliated to the university.
As the other reader of your blog (now that Andy Powell has got on his bike) and the author of the is case Study can I just add a “health warning” that arises out of your hitghlighting a particular case from the Table.
This version of the Table is a stripped down version and doesn’t include the column which gives reasoning behind some of the categorisation which on the surface might seem strange. In the particular example you mention the note reads “Course run jointly by UWIC and C&V NHS Trust. Course is now run wholly by CU / DENTL.” Thus the membership status will almost certainly change.
So I would not, could never recommend plagiarism as a way of shortcutting a very essential institutional audit, but it does give an idea of the scale of the problem and something to measure your audit against.