Eduserv Symposium 2009: Evolution Or Revolution: The Future of Identity and Access Management for Research
I was pleased to accept a place at this year’s Eduserv Symposium [1], which was held at the Royal College of Physicians, London. The College is close to Regent’s Park and as well as discovering about the future of identity and access management, delegates were able to have a glimpse at the past of physicians from the exhibitions that abounded in the magnificent venue. Issues of identity and access management to resources must have concerned physicians for many years; for example, 200 years ago how did physicians corresponding with each other verify the other’s identity and decide whether or not to share resources?
The programme for the day offered a variety of perspectives, both technological and socio-political, of ways in which academia can develop effective ways of allowing researchers to share resources and manage the issues of access identity. Although the programme suggested this was UK-centric, little of what was said could be considered UK-specific, indeed much of what was presented followed the symposium’s theme of collaboration across boundaries.
Opening Remarks
The day was opened by Stephen Butcher, the CEO of Eduserv. He welcomed all the delegates, and explained the role of Eduserv was to deliver shared services. He gave a little of the history of Eduserv and its charitable background. He explained that as part of the transition from Eduserv Foundation to the Eduserv Research Programme, Eduserv was no longer issuing the annual call for research projects, focusing instead on developing new and existing charitable services for the community.
Andy Powell (Eduserv’s Research Programme Director) followed with general housekeeping remarks. He had to start with an apology that Eduserv had asked for 40 user names for the wireless access, and they had all got snapped up and so now more were to be generated. The laptop users were asked to sit to the side (where power points were available) so they didn’t distract the others. He pointed out that the event was streaming live and that there was a back channel on Twitter using the tag esym09. We were warned not to try and watch the streaming if we were in the event as the wireless wouldn’t cope. Watching the Twitter stream, and the other back channel, it was obvious a number of people were following the event at a distance [2], there was a lot of praise on the day for the quality of the streaming service Eduserv provided. Subsequently video of the event was made available and it is of very high quality [1].
The phrase that stayed with me from Andy’s opening presentation was: ‘Research happens across boundaries’.
Oh, you’re that Cameron Neylon: Why effective identity management is critical to the development of open research
Cameron Neylon talked about the growing need to make research outputs more readily available, coupled with the aspects of authentication. Leading to a couple of interesting comments: ‘Whose data do you trust?’ and ‘Most researchers aren’t very good’, though in respect of the latter comment he did qualify with the observation that it applied to most of us most of the time. From these comments he led us through to the idea of a network of contacts that are trusted.
He showed us how Googling himself revealed his current role as Senior Scientist in Biomolecular Sciences at the ISIS Neutron Scattering Facility at the Science and Technology Facilities Council, as well as previous roles in other institutions. He then revealed the reason for the catchy title of the presentation: there is another Cameron Neylon who has published work with a shared co-author and as such it is important that trust is based on more evidence than just an unusual name.
User-centric Research
James Farnhill (eResearch Programme Manager, JISC) started with a review of the work done by JISC Innovation Group-funded projects in the area of access and identity management (AIM). He then moved on to looking at the future of funding in the area of researchers and identity. He foresaw a future dominated by user-centric research, with individual researchers building strong communities across the UK and beyond. These communities would facilitate the sharing of data that previously only existed on a single PC, perhaps backed up on a CD that doubled as a coffee mat. The communities would provide pre-publication of reviews of papers by trusted co-workers rather than going directly to anonymous reviewers.
James is obviously someone who believes in the importance of community and at one point in his talk he made the following statement, ‘at JISC we are nothing without the community’.
Experiences in Federated Access Control for UK e-Science
John Watt is a Research Associate at the National e-Science Centre at the University of Glasgow; he is engaged in investigating various technologies and techniques for providing federated access control to distributed data and Grid resources. He talked about a number of authentication projects, and used authentication and security as synonyms. He addressed issues related to institutional identity and presented a number of the technical issues involved. He concluded that the goal of seamless access across resources is still some way off, although there are several techniques that will serve to achieve such a goal.
Opening up User-centric Identity
Nate Klingenstein is a Senior Technical Analyst at Internet2 working on Shibboleth and aspects of federations. He started with the statement, ‘Identity is totally forked’ and the joke ‘when you come to a fork in the road, take it’. He then went on to discuss the relative merits of Enterprise-centric Identity versus User-centric Federated Identity. He cited studies of students who were very lax with their user names and passwords, sharing them readily with friends and lovers, and then changing them after a split up. He reminded us that users are lazy, and so that leads to the question, is unification or lack or unification a bad thing?
Conducting at the Piazza Venezia: An IT Director’s View from the Intersection
Mike Roch is Director of IT services at the University of Reading. He started by showing a video of a traffic cop at a busy intersection, with lots of hand waving, but with the traffic moving. He likened his role to that of the traffic cop. He talked about the set-up at Reading and other UK universities, and highlighted the concerns that faced IT managers in these universities. Interestingly, issues of access management weren’t high on the list of matters that caused them concern; in a recent survey it ranked number 13, with funding and sustainability sitting at the top of the list. Mike also talked about social attitudes investigated by Project FLAME that had run at the London School of Economics (LSE) and had interviewed first year students; in return for chocolates, over 90% had divulged their LSE user name, 40% had divulged their Facebook password, and 14% their LSE password. A large number had also parted with their credit card number. In this careless world, IT directors, such as Mike, face considerable challenges in keeping their systems secure.
News from the New Coffeehouses
David Smith is Business Innovations Manager at CABI. Before the talk I wasn’t aware of CABI; it is a not-for-profit organisation specialising in scientific publishing related to agriculture and the environment. David had taken the 17th century coffee house as an analogy with Internet-based communities. He talked about the changing characteristics of the users whom CABI serves. He presented an example of exposing data to the ‘whole world’ and how 80% of the traffic did not come from identifiable academic institutions or the like. Belonging to a university to a large extent validates ones identity, but those people who are beyond academic boundaries still need ways of validating their identity and several potential options were discussed. David finished with a selection of quotations from the Free Range Librarian blog post: ‘The User is Not Broken’ [3]:
‘You cannot change the user, but you can transform the user experience to meet the user.
Meet people where they are – not where you want them to be.
We have wonderful third spaces that offer our users a place where they can think and dream and experience information.
Most of your most passionate users will never meet you face to face.
Most of your most alienated users will never meet you face to face.
The most significant help you can provide your users is to add value and meaning to the information experience, wherever it happens; defend their right to read; and then get out of the way.’
Panel Session
Anne Bell is the University Librarian at Warwick and an Eduserv trustee; she welcomed back all the speakers to the panel session she was chairing.
The questions started with a query about what is best practice for an organisation that wants users to register; answers bounced back that it depended what sort of service it was and what information was actually needed from users, and what was the trust model. Questions from both the real and virtual audience continued ranging through telephony, mobile access, personal learning environments, risk management, reputation and trust.
Concluding Remarks
In his concluding remarks, Andy Powell spoke of the breadth of issues that were covered in the day, and said that he thought the day had addressed ‘how the Web is changing us’ and the impact of this on research, scholarly pursuits, teaching and learning. He felt the day had shown that is easier to talk about identity in relationship to teaching, rather than research, although he didn’t know why that was.
Conclusion
I felt the day was really useful; while I most certainly didn’t agree with everything that was said, there was a lot of thought-provoking comments and they will influence my thinking in the future. Indeed in the time between attending the event and writing this conclusion (some two weeks) I have had two distinct opportunities to cite things I heard at the Eduserv symposium.
I am concerned by any suggestion that a line should be drawn between issues related to teaching and research. I do not see that there is a clear gap between identity and access issues for teaching and for research, probably because my view of the world is reflected by many people who are members of many communities. This multi-membership means a researcher in one community may be a world authority, while in another community he or she maybe engaged in formal or informal learning, i.e. as a learner [4].
References
- Links to videos and details of the event http://www.eduserv.org.uk/events/esym09
- Throughout the event the tag esym09 was used, and tweets related to the event can be found at
http://search.twitter.com/search?q=%23esym09 - Free Range Librarian blog post: The User is not Broken at:
http://freerangelibrarian.com/2006/06/03/the-user-is-not-broken-a-meme-masquerading-as-a-manifesto/ - Photos of the day on Flickr from Eduserv
http://www.flickr.com/photos/eduserv/sets/72157619185537750/