"UK academic institutions have been using their chosen federated access management solution for several months now. Some institutions are now looking into extending the use of federated access beyond their library, for example, to a Virtual Learning Environment or an institutional repository. For others, it is time to re-evaluate their current solution to decide whether it still meets their institutional needs or if it is time to move on to something different."Access and Identity Management Executive briefing
(A list of presenters is given below)
(Presentation now available here)
The conference had three main themes throughout the presentations: What is FAM and what are its benefits; Where should we now be focusing our resources; What is the situation for vendors.
What is FAM and what are its benefits:
Nicole talked about what access and identity management means for us all with an excellent mind map that compared the whole paradigm to Harry Potter. Her overview was a cautionary tale of how we must protect identities, but at the same time give seamless access to resources. Nicole also spoke about usernames and passwords not being enough to ensure security and libraries need to understand (the now infamous) section 6 of the federation membership rules.
Simon gave an overview of the UK Federation, benefits of Shibboleth, support options, and developments. His was a very clear and concise presentation outlining why Shibboleth is the FAM of choice for nearly all UK education institutions.
UCL was a very early adopter of Shibboleth. Margaret talked about this adoption, where UCL are at currently with their implementation, and what is left to do. It was interesting to note that although UCL delayed going completely live for a year (OpenAthens spanned the gap), Margaret felt that this delay didn't archive as much as they would've liked.
Where should we now be focusing our resources:
Masha talked about the FLAME project. This project is studying user attitudes toward FAM (federated access management) by looking beyond just the technical. Some of the research was very enlightening and showed how easy it was to obtain sensitive or confidential information from students. One particular part of the research was conducted at a student fair. A stall was set-up giving away free Mars Bars to students in exchange for information. Some of the information offered up included: usernames, passwords, email addresses, etc.
Rhys has delivered Shibboleth training to us before and is a guru in all things FAM. Rhys showed what could be accomplished with Shibboleth and made one very important point: Shibboleth is far more than just an Athens replacement. He developed this idea by showing that Shibboleth could (and arguably should) be used as the single sign-on systems for nearly all web authenticated systems within an institution.
What is the situation for vendors:
Fiona, Nadine, Ale, and mark all gave FAM presentations from the vendor perspective. What came across from all presenters is how extremely difficult it is for vendors to support multiple authentication systems, from multiple organisations, over multiple federations, and multiple countries. There was the usual discussion about terminology and why every vendor had different wording for the 'login' links. All vendors stated that their choice of wording was entirely driven by the customer and it is in fact the customers who have such disparate view of what the wording should be. Vendors also stated that although they were 'agnostic' about which login technology institutes use, they do prefer to standardise and that standard should be Shibboleth. There was also discussion about future developments and how vendors would like to see institutions using a more granular approach to Shibboleth authentication.
Presenters:
Presentation 1 - Nicole Harris (JISC)
Presentation 3 - Margaret Stone (UCL)
Presentation 4 - Masha Garibyan (LSE)
Presentation 5 - Rhys Smith (Cardiff University)
Presentation 6 - Fiona Culloch (EDINA)
Presentation 7 - Nadine Prowse (Ingram Digital)
Presentation 8 - Ale de Vries (Elsevier)
Presentation 9 - Mark Williams (JISC collections)
John Paschoud (LSE) didn't present, but was coordinator for the days events.
0 comments:
Post a Comment