Want to save money on Post-Its? Then use good IdM.

Today was the final meeting of the first phase of the Jisc co-design Identity Management Taskforce. This activity is in the Jisc AIM Strategy and Plan (www.tinyurl.com/jiscaim) and has the objective of addressing "the social and political barriers to good identity management" - not technology. Discussing identity management without mentioning technologies is surprisingly tricky.

Formal outcomes from phase 1 will be published shortly, but that's part of the problem - how best to disseminate this information to the right people? A lot of today's discussion has been about the comms and marketing side, but the main message we want to get across is that it is not an IT problem. No matter who we address information to (Pro-VCs, HR Managers, Registrars etc. who all need to know the importance of 'good IdM') as soon as they see "identity management" they are likely to just forward it to the IT Director. Is there a more user-friendly term we could use? The best we could come up with today was something along the lines of "Giving people access to stuff they need to do their studies/research/job". Not very elegant, but pretty accurate. I think we need the Jisc Customer Experience team to add their magic to it. Or if you have a useful (clean) term, please let me know.

A key area for Phase 2 of the Taskforce is a desire to look at how Universities can make use of a student's existing identity. For a number of years now Universities have been battling with getting students to read their university email accounts as they all arrive at University with an existing email account (Gmail, Yahoo, Outlook etc.) and now they also have existing Facebook, Twitter and other identities. How do we provide a way for them to use an existing identity (if that’s what they would prefer to do). There are existing technical solutions that could be useful here, like InCommon's Social to SAML Gateway (https://spaces.internet2.edu/display/socialid/Social-to-SAML+Gateway+FAQ ), which we need to look at, but as this Taskforce isn’t about technologies there is also a need to look at the non-technical issues and policies in this area.

Other areas the Taskforce discussed to make IdM more relevant to non-IT people are anonymised case studies of what goes wrong when you don’t have good IdM – e.g. a role play of all 23 steps needed to get an account registered in a certain application; what might a researcher miss if they didn't get access to a certain journal; what might happen if a student doesn't get access to the right part of the VLE and fails / misses an exam. It would also be useful to document what good (ideal) IdM looks like with seamless SSO access to everything you are entitled to access.

Other questions that could be used to get the message across are: How many times do you force your staff to log on to different systems? How many of these have different usernames and passwords? Do you want to make this easier, more secure (and save money on Post-It notes)? Then implement good IdM and federated access management.