Dear All
I am going to try and deal with some of the issues that have come up on
the list today but I'd like to separate them out to answer them fully.
Firstly, I thought I'd say something about personalisation features
within Service Providers.
When migrating data from one system to a new system and those two
systems do not use the same standards, it is always inevitable that
data will be lost. This is the same debate we have seen elsewhere -
for example the silos of data caused by the use of proprietary VLEs
when institutions decided to move to a new system. This is one of the
main reasons we are moving to a federated approach - the use of open
standards means that people can move between identity providers with
certain assurances and the core data is held at the institution and can
be reused. So, we are putting in place a system where interoperability
and compliance to standards will get better - but we have to get there
first.
We have looked at various different ways that the personalisation
features used in an Athens system could be migrated across to be used
in a devolved authentication approach but have not come up with a
viable way of providing a single solution to this problem. Some of the
suggestions that have been identified - i.e. carrying the Athens
personal ID as an attribute - are simply not viable because
institutions simply don't have access to full sets of this sort of data
for all of their users and it would involve significant work at the
directory level. Much of the data that would be needed is native to
the Athens system and as such I don't think anyone outside of Eduserv
could come up with a viable solution for this. I'd be really
interested to know if anyone at Eduserv had any ideas on how this could
be added as functionality for customers of the Shibboleth - Athens
Gateway?
There are also significant complications in understanding how Service
Providers have set up personalisation for end-users and how this is
tied to Athens user accounts.
At the JISC end, we are taking the most pragmatic approach and talking
to Service Providers as part of the dialogue we are having with them
about joining the UK federation. Some have been able to come up with
solutions (i.e. Jiscmail and MIMAS), others are finding it more
difficult. We are also asking people to highlight to us when they are
aware of Service Providers that directly link personalisation to an
Athens user account rather than managing natively. It really is
dependent on the platform, systems and approaches of each individual
service provider. We will keep having those conversations but we will
be focusing our attentions on Service Providers who have or are in the
process of joining the UK federation.
I'd also encourage all institutions to be making their requirements
known to Service Providers as part of the dialogue you have with them
as you negotiate licensing, access etc. JISC can make representations
on the behalf of the community and has a strong voice that way but at
the end of the day the customer needs to make their requirement known.
This is equally true for any products and licenses you may choose to
but from identity solution providers.
Another option described was the idea of SAML-account linking...or the
idea of federating identities. Lots of people are looking at this -
the Shibboleth developers, people at Ping Identity, liberty alliance
approaches etc. However, to link SAML accounts both accounts would
need to be SAML based - and unfortunately this is not the case in the
scenarios we are looking at here.
I hope this helps - but happy to hear any more comments people have.
Best wishes
Nicole
--
Nicole Harris
Senior Services Transition Manager
JISC Executive
Brettenham House (South Entrance)
5, Lancaster Place
London WC2E 7EN
Tel: 02030066035
Mob: 07734058308
----------------------------------------------------------------------
Anything in this message which does not clearly relate to the official
work of the sender's organisation shall be understood as neither given
nor endorsed by that organisation.
----------------------------------------------------------------------