ECAR Report – Identity Management in Higher Education

http://www.educause.edu/LibraryDetailPage/666?ID=ERS0602

Being just a pleb who doesn’t work for anyone with an ECAR membership, I’ve only been able to read the public ‘key findings’ document from this recent ECAR study, “Identity Management in Higher Education: A Baseline Study” (and hey, I’m not really complaining that much, it is nice that they make the highlights available for free). So maybe the fuller report speaks to some of my concerns, but what I found striking about this report was the apparent disregard in the institutions surveyed for many of the internet-wide identity projects currently struggling to be born (e.g. sxip, openID, etc.). Actually, that’s not surprising at all, we’ve long seemed to prefer to invent (or at times re-invent) our own wheels in higher education, thinking our situations to be so different or needing to ‘own’ the results for academic or political reasons. Where this gets interesting for me, though, is the whole push within what I call the ‘loosely-coupled learning tools’ camps for instructors and students to simply adopt free or centrally provided services that exist out on the internet already (e.g. flickr, blogger, etc.). This push is not going away, nor should it, but it currently drives many IT directors and other campus service providers nuts.

It was about 2 months ago now, during the course of a private conversation about ‘loosely coupled or openly integratable learning management systems,’ that I half-jokingly threw out the intellectual stink bomb that campuses could in the future easily turn to service providers like Google or Yahoo or Microsoft for their central identity services. It was literally a few days later that announcements came out about Gmail offering domain-wide hosting services (and I thought Microsoft too, but maybe this was old news, I can’t find the reference). Don’t get me wrong, I am not ADVOCATING this as a solution, only saying that a) you will see more offers like this from big ‘free’ players outside your organization to start coming ‘inside’ your organization, and along with the free services come implications of who owns what and where should it reside, so you had better have already thought through how to talk to your CIO/CEO/President about this, because on a sheer cost basis it is going to be hard to justify why not and b) it is a GOOD thing for institutions to start to consider that their students have lives and identities that precede and extend far beyond the time they attend their institutions, and that being able to easily fit into that student’s online identity (rather than the other way around) is going to be an increasing expectation.

So, good overview of the state of affairs in higher ed, and maybe the full report touches on some of these issues, but it didn’t read like a vision for the future for me. – SWL

InCommon Shibboleth Federation

http://www.incommonfederation.org/

I’ve known about Shibboleth for a few years now, but to be honest haven’t followed it that closely, in part because, as important as issues of authentication and authorization are, they typically bore the *!#$ out of me. So I had Shibboleth filed in the back of my mind as ‘hey neat idea, I’ll wait a few years and maybe this will move from idea to testbed implementation.’

Wow, time flies, and folks involved with Shibboleth have clearly not been fooling around – not only is there already this very real production level federation called InCommon, but they have a nifty ‘starter’ program called InQueue which allows organizations just starting with Shibboleth and federated trust to try it out.

For those who are wondering ‘what the heck is he talking about?’, check out the Shibboleth ‘About’ page which has about as short an explanation as you can give, or else this recent Educause presentation by Michael Gettes which also does a nice job of explaining it. Long story short – as more organizations join federations, you’ll likely be able to get access to protected materials you couldn’t before without individually having to arrange that access. – SWL

Eduserv Athens authentication system

http://www.athensams.net/

Arguably more of an administrative than academic computing issue, this was still of interest to me, and I think to elearning systems developers, as I’d argue single-sign-on is one aspect of giving users a better all-round experience (presumably leaving their mind more free to actually learn).

This is a U.K.-based Access Management system that provides “secure single username access to multiple web-based access controlled services” with “devolved administration facilities at the organisation level.” Most of us can only look on in envy at the situation (politically at least) in U.K. higher education. In Canada, education is the jurisdiction of the provinces, but even within provinces institutions typically function somewhat autonomously. And the U.S., well fugedabowdit! Private, public, 2 year, 4 year; no wonder such schemes as this just aren’t even considered, and instead something like Shibboleth needs to happen.

Still, there are likely some things to learn from here, and it seems difficult not to admire their list of protected resources. I expect there’s a British reader out there who might be able to shed more light on this, but single sign-on has been of growing interest to me in the project I am working on, so I thought I’d post on it, regardless of my lack of familiarity with it. – SWL