I spend a fair amount of my days up to my eyes in geek. I’m not complaining, but it is a little strange for a girl who cannot claim any sort of technical background. I’m not sure if they that geek would agree with me, but I think that one of my main roles (besides implicitly trusting the brilliance of our developers and sternly looking at project plans) is to ask ‘so, how does that work?’ By this I mean really thinking about how a tool or a service or a policy will be approached by the average institution or user when we have finished mangling it with geekness and actually roll it out.
It has become a bit of an obsession for me, and I know some people think I over-stress the importance of ironing out that connection with the user but when you are working in a field as technically weird as access management I think it is really important that you take a step back and ask this question. My current SHDTW? is around the ‘opt-in’ process for eduGain. This means that if you want us to include your entity metadata in the aggregate that is used for interfederation, you have to ‘opt-in’. I pretty much got shouted down on this one today and was told to stop worrying about embedding and take-up of it…if federation entities thought this was a beneficial feature they would come and work out how to opt-in themselves by reading a magical announcement that will be circulated.
I fundamentally disagree with this. I’ve always had a real problem with a ‘if you fund it they will come’ attitude and don’t think we do enough to support institutions with embedding the functionality we fund. I wrote a lot of embedding stuff in to the programmes around federated access management, and I think the resulting take-up proves it works. My brain is also starting to tick about the embedding possibilities for RAPTOR…more on that to come.
I don’t particularly like the ‘opt-in’ model at all, but it has been decided on for eduGain so if it is going to be there we have to work with it. I think there are a variety of problems in explaining this process to our Identity Providers and Service Providers:
- What do we call it? Is interfederation the right word? Will people know what this means?
- Who gets to ‘opt-in’ for the organisation? The management liaison who would normally authorise such things is often a random senior person who wouldn’t understand what they are being asked to do. Who are we announcing it to?
- Entities need to reach a certain standard technically before they can be added to eduGain. How do we explain what they have to achieve?
- Once I’m in eduGain, how on earth do I know which federations are consuming my metadata?
- As a Service Provider, how do I handle discovery in the eduGain context?
I could probably go on and on, but I think this makes the point. My bigger issue with ‘provide the service and let them use it if they want it’ is this just doesn’t work in the access management space. The federation isn’t some groovy social tool that we flock to like flies and unfortunately organisations often don’t know or try to know the benefits of a service that is quite dry and non-flashy. Actually, most people hear ‘access management’ and switch off. It’s a hard sell with great benefits. This has often been cited as one of the reasons OpenID didn’t really take off – you really need to push people when it comes to good identity management, good access management and good security and they ain’t going to go looking for it. A bit of mummsying is required I’m afraid – and mummsying has an overhead.
I’m really hopeful that eduGain or REFEDS will produce some material that can be used by all the federations to describe the ‘opt-in’ process so Service Providers in particular are being presented with consistent information about this complex area. I also hope we will think about tools to allow SPs to be clear about who is eating their metadata – this will be a problem for PEER as well. Overall I’m really hopeful I can do more to prove to people the importance of the final push and of embedding and that we can move away from just providing services to the door.
A Sky engineer came to my house the other day to fix a problem with my phoneline connecting (bad when your little boy wants to watch a certain film) and I offered him a cup of tea. He gratefully accepted and said of his 15 visits of the day I was only the second person to offer him a drink – which stunned me. I hope we can always aspire to be the people who offer the cup of tea to the people that come to our door.