Last updated: 
4 months 2 weeks ago
Group Manager
Members of the research and education community within the United Kingdom regularly make use of various types of online services, including web-based e-resources, wireless network access, and cloud-based applications. Many of these services require authentication of a user's identity, and many additionally require the release of attributes relating to that identity for authorisation purposes. Access and Identity management technologies and services aim to fulfil this need for robust authentication and authorisation technologies. Jisc either runs or is heavily involved with many major services offered to the UK R&E community in this space such as eduroam, the UK federation, Moonshot, and the Janet Certificate Service. This group exists for those interested in AIM and trust and identity services to discuss the latest developments, keep track of goings-on, and participate in discussions about what the community needs in this area and what Jisc should be offering. (Note that for eduroam, Moonshot, and the Janet Certificate Service specific discussions, these technologies have their own groups on this site). To learn more about Jisc's AIM services, you can see the slides and video of an overview given at Networkshop42.

Group administrators:

Want to save money on Post-Its? Then use good IdM.

8 April 2014 at 6:03pm

Today was the final meeting of the first phase of the Jisc co-design Identity Management Taskforce. This activity is in the Jisc AIM Strategy and Plan (www.tinyurl.com/jiscaim) and has the objective of addressing "the social and political barriers to good identity management" - not technology. Discussing identity management without mentioning technologies is surprisingly tricky.

Formal outcomes from phase 1 will be published shortly, but that's part of the problem - how best to disseminate this information to the right people? A lot of today's discussion has been about the comms and marketing side, but the main message we want to get across is that it is not an IT problem. No matter who we address information to (Pro-VCs, HR Managers, Registrars etc. who all need to know the importance of 'good IdM') as soon as they see "identity management" they are likely to just forward it to the IT Director. Is there a more user-friendly term we could use? The best we could come up with today was something along the lines of "Giving people access to stuff they need to do their studies/research/job". Not very elegant, but pretty accurate. I think we need the Jisc Customer Experience team to add their magic to it. Or if you have a useful (clean) term, please let me know.

A key area for Phase 2 of the Taskforce is a desire to look at how Universities can make use of a student's existing identity. For a number of years now Universities have been battling with getting students to read their university email accounts as they all arrive at University with an existing email account (Gmail, Yahoo, Outlook etc.) and now they also have existing Facebook, Twitter and other identities. How do we provide a way for them to use an existing identity (if that’s what they would prefer to do). There are existing technical solutions that could be useful here, like InCommon's Social to SAML Gateway (https://spaces.internet2.edu/display/socialid/Social-to-SAML+Gateway+FAQ ), which we need to look at, but as this Taskforce isn’t about technologies there is also a need to look at the non-technical issues and policies in this area.

Other areas the Taskforce discussed to make IdM more relevant to non-IT people are anonymised case studies of what goes wrong when you don’t have good IdM – e.g. a role play of all 23 steps needed to get an account registered in a certain application; what might a researcher miss if they didn't get access to a certain journal; what might happen if a student doesn't get access to the right part of the VLE and fails / misses an exam. It would also be useful to document what good (ideal) IdM looks like with seamless SSO access to everything you are entitled to access.

Other questions that could be used to get the message across are: How many times do you force your staff to log on to different systems? How many of these have different usernames and passwords? Do you want to make this easier, more secure (and save money on Post-It notes)? Then implement good IdM and federated access management.