I’ts been a pretty stressful time for me recently as I deal with an unexpected house move, so it takes something really interesting to grab my attention away from boxes and clutter at the weekends. This weekend, DevXS managed to do exactly that.
DevXS was a simple but lovely idea – what would happen if you brought together a bunch of students from across the UK and asked them to code for 24 hours? The answer is, quite a bit! For more on what the students were up to, take a look at the DevXS wiki.
My first reaction as I watched the tweets was – if only I had known! I would have chucked in some sponsorship for access and identity management type developments. My second hot the heels reaction was not to be silly – why would anyone be interested in that? It’s not cool or particularly interesting…it’s backend stuff. Access Management is typically something that is tacked on at the end of developing a service, normally just using the local authentication method in a poorly supported way. Cue depressed look about how we can change the general attitude towards access and identity management.
But, well, why *wouldn’t* a bunch of students developing services for students want to use federated access? Tools like SimpleSAMLPhP in particularly are designed to offer such functionality to lightweight service in a very accessible way. Further more, once implemented it would mean that ANY STUDENT in the UK (or indeed in many different countries worldwide) would be able to use the service without needing to be provisioned, using their local institutional username and password. That’s handing you the entire student population on a plate. Finally, you wouldn’t even need to administrate these accounts or have overhead for forgotten passwords / usernames as this is all done elsewhere. Again, this is very in-keeping with lightweight service developments.
I really wish we could stop making access and identity the last thing we ever think about when developing a service – particularly as it is often the thing that can most affect the experience of a service when done badly. So maybe next year we could challenge some of the developers to use a tool like simpleSAML as they develop. Remember, fairly swift access to the ENTIRE student population for your service…how can that be a bad thing?