Colleagues,

Just to put our own library side of the current discussions, and in
support of our IT Services staff contributions,
a good deal of frustration was shared at our last meeting (and we are
fortunate in having regular
and very positive contact with our IT Servcies department). I think this
frustration centered on the
fact that here we were again, now only 12 weeks away from 'D' day (i.e.
D for disappearance of current
Athens arrangments), having met several times already over recent
months, and we were still struggling
to identify any conclusions. And what do we tell our users? That instead
of using their Athens password,
there may now be three different ways of signing into various services,
but hopefully, after a year
this will be resolved?

Yes, the technology at our end is in place - having thought this might
have been the toughest part,
this actually turned out to be the least of our problems. A barage of
communcations have been forthcoming
from both the JISC and Eduserv sides, though often without any
cross-referencing, so that the service
users, mostly libraries, were left bewildered, and trying to work out
exactly what was going on and when.
Phonecalls then came, enquiring what we were going to do and why, and
all the while the clock was
ticking, not helped by the news that the gateway agreement we were
relying on to tide us over the
transition wasn't in place after all.

External meetings have been attended, some arranged by JISC and another
giving the Eduserv
view, and so great was local confusion here that neighbouring libraries
contacted each other
and got together, only to realise that we were all in the same boat, and
that everyone was confused
and anxious about what to tell their users would be happening after 31st
July.

The situation we are in now, should have been happening a year ago, so
that we had ample
time to prepare the way for the demise of the current Athens agreement,
and give our
users a long lead in to the changes taking place. Details of the various
states of play, and how ready
or otherwise different suppliers are, have been addressed elsewhere in
the discussions, but
the last few months have been an object lesson in poor transitional
management.
Fortunately, librarians are good at creating order out of chaos, but
this has been especially challenging.

Jean

Jean E. Shaw
Head of Library Systems Division
University of Strathclyde Library
101 St James Road
Glasgow, G4 0NS
UK

Email: [log in to unmask]
Tel: 44 (0) 141 548 4632
Fax: 0141 552 3304 

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.


> -----Original Message-----
> From: Discussion list for Shibboleth developments 
> [mailto:[log in to unmask]] On Behalf Of Jethro R Binks
> Sent: 07 May 2008 12:09
> To: [log in to unmask]
> Subject: Re: Progress towards the federated goal. Or otherwise.
> 
> On Wed, 7 May 2008, Nicole Harris wrote:
> 
> > As we have mentioned several times, the definitive list of Service 
> > Provider information is here:
> > http://access.jiscinvolve.org/federated-access-and-publishers/.
> 
> I find that page would be much easier to read and interpret 
> if in tabular format.  If you're looking up a particular 
> supplier it is, to an extent, fine, but if you are just 
> browsing, it is hard to see the general state of play.  How 
> comprehensive a list of suppliers is it, in actual fact?  Our 
> library people seem to have a number of other of such lists, 
> from various sources.  I take Alistair's point that the 
> Federation metadata is the more canonical reference for 
> who-is-there-now, but that doesn't help for the 
> we-plan-to-be-there ones.
> 
> Here's an example of another problem I have with that list:
> 
> "British Library (Archival Sound Recordings) Plan to join UK 
> federation and be federation-compliant by 31 July 2008"
> 
> When did they say that?  Are they still on course to meet 
> this deadline?  
> When were they last asked?  Will they be doing some user 
> testing?  How can we find out?  Is there a web page they have 
> published with some more information on their current status? 
>  Do any of the providers have such a web page?  If so, why is 
> it not linked from somewhere like this list?
> 
> While it is a worthy effort to have this list, and I 
> acknowledge Nicole's point that it is updated daily as 
> information arrives, it isn't clear to the reader when the 
> list was updated and what the update was.  We don't know how 
> up-to-date any particular entry on the list is.
> 
> > However, at the end of the day if a publisher's timetable 
> slips, the 
> > publishers timetable slips. As soon as we are aware of 
> this, we update 
> > the list.
> 
> How do you become aware of this?  How do we know when the 
> list has been updated, and what was updated in it?
> 
> > In terms of signing up to Athens, you will effectively be signing a 
> > contract for a service that is already in operation in your 
> > organisation, so I don't see why a 6-8 week lead time would be 
> > necessary.  Institutions already have to sign-up to the 
> Athens Terms 
> > and Conditions - it is just that this will now come 
> accompanied by an 
> > invoice.
> 
> We don't know the exact procedure, perhaps someone from 
> Eduserv can clarify here.  Notwithstanding the decision on 
> the cost (and saying "commit before end of May to improve the 
> price for every member of the community" sounds somewhat a 
> morally dubious practice, even if it is just a statement of 
> fact!), the fact is that at the end of the day, probably most 
> HEIs (at least) will require to maintain access to some 
> resources which will not be Federation members by the end of 
> July, and will require continuing use of Athens in order to 
> provide it.  So probably a huge number will be signing up 
> anyway for a year, and will see how the land lies in six 
> months.  But no-one seems willing to just go ahead and say 
> that out loud.  Are there actually any HEIs currently using 
> Athens that do NOT intend to take up Athens in the same form 
> for the next year?
> 
> We agree that implementing an IdP has been useful in itself, 
> and it has been a useful process for the organisation in 
> terms of looking at its data on users, and we're sold on the 
> principle and vision of federated access.  
> But despite the best intentions and promises (misplaced or 
> not) of JISC, Eduserv and everyone else, the end-game is that 
> we almost certainly need to pay money for OpenAthens for 
> another year (or maybe more - when will we know?).  In which 
> case, some might wonder why we bothered with Shibboleth in 
> the first place?  And we can't be alone in that.
> 
> > JISC has put significant effort in to working with 
> publishers and has 
> > definitely stepped up to the mark in taking responsibility 
> for primary 
> > negotiations.  We have one FTE who is purely dedicated to 
> working with 
> > publishers on this issue - and that is a significant 
> resource as JISC 
> > would not normally be able to shoulder an overhead of this 
> type.  JISC 
> > Collections has also played a significant role and all new licenses 
> > ask for SAML compliance.  They also have daily conversations with 
> > publishers and also put significant pressure on for their 
> services to 
> > be SAML compliant. ... There is another SCONUL event next 
> week. ... I 
> > will be giving a presentation describing the steps that 
> JISC has had 
> > to go through to set up its own directory service, IdP ... 
> This will 
> > include pragmatic examples of library type activities that we have 
> > undertaken like creating a wiki page called 'My Collections' ...
> 
> This is all wonderful news.  But why is it 'news'?  Maybe I'm 
> not reading in the right places (and do I have time to read 
> all the right places anyway, since this isn't a core part of 
> my job: keeping on top of the obvious core ShibFed-related 
> resources is plenty enough), but the fact that I'm not really 
> aware of these activities, and it took Bruce's message to 
> tease them out, is itself somewhat an indicator of the 
> problems that we perceive, even if no-one else does.
> 
> > We have always been clear that this is not a 'techie' problem or a 
> > library problem, but one that has to be worked on together.
> 
> We fully ackownledge that, and within our organisation 
> divisions of IT Services and the library have been meeting 
> regularly.  As Bruce mentiioned, he has also been involved in 
> presentations and awareness-raising in amongst the management 
> and academics.  They do not really need to know the 
> nuts-and-bolts and nitty-gritty, but they do need to be aware 
> that things are changing, and the next year will be an 
> interesting time, as, we hope, Athens "goes away", and 
> "institutional logins" become in-vogue.
> 
> To respond to Chris Keene's point:
> 
> > I think those I have talked to see it as a identity 
> management issue 
> > first, a tech issue second. The tech stuff can be done without 
> > involving too many people, the identity management often 
> involves many 
> > on campus, and the whole shibb thing has been a good excuse (ie 
> > forced) some organisations to try and get their house in 
> order in this regard.
> 
> I should note that Bruce probably means "techie" in a wider 
> sense, not just in terms of IdP implementation, but including 
> organisational activities to support Identity Management 
> (which usually comes down to database requirements and 
> procedural changes).  I think he meant "techie" 
> specifically as a contrast to library- and licence-related 
> matters, which are more administrative concerns outwith IT 
> Services itself.  And specifically, we have been thinking 
> about how we present all this mess to the users; what and how 
> we communicate to them (and trying to avoid that nasty Sh- 
> word, or indeed the unwieldy phrases with the F- word in 
> them), and what changes need to be made to our presentation 
> of access resources for the users.
> 
> As an IT person, getting my head around the concept of WAYFs 
> and WAYFless URLs and so on is bad enough; I have much 
> sympathy for my non-technical library colleagues, especially 
> when, as Alistair pointed out, there are so many 
> different-looking interfaces for getting authenticated to a 
> different resources.  How do you communicate that 
> meaningfully to the users?  
> "Click on the Athens login box" is no longer sufficient.
> 
> > Let's not also forget the wider Service Provider development that 
> > might fall outside of the library remit.  At the moment, we have a 
> > programme of work internally to federate the JISC filestore, JISC 
> > Wikis, JISC Involve and several JISC information systems.  This is 
> > where some of the real benefits of federated access can be 
> felt - and 
> > it would be a pity to miss out on these. I would expect 
> these type of 
> > services to be considered by the above mentioned working 
> group just a 
> > prominently as the third-party library resources.
> 
> I see Shibboleth as an enabling technology to help with all 
> these internal authentication issues that are currently 
> lashed together by other means involving dubious trust 
> boundaries across organisational units.  The more information 
> and guidance on this the better: the majority of current 
> emphasis has been on getting the IdP in place and providing 
> access to library-type resources, but Shibboleth is a 
> technology implementation that can give far more internally; 
> it is not high on our agenda at the moment, however, since 
> that's to our own timescale, not an externally-imposed one.
> 
> > Don't forget that my team is here to help and answer questions 
> > whenever possible (although the team will only be in place until 
> > December 2008 at the latest).
> 
> Where does that leave institutions who purchase OpenAthens 
> for one year as a stop-gap to get around the lack of 
> Federation support by suppliers?
> 
> Mark Williams posts on the Jiscinvolve access management blog:
> 
> "Where they will be in August 2008 and more importantly Aug 
> 2009 really has to start now. ... For many coming to the 
> issue this late from a cold start, a stepped approach may 
> well work best (one solution for this August while working to 
> another longer term one by Aug 2009)."
> 
> Who will be there to advise us after December 2008?
> 
> We surely appreciate the time Nicole and others have spent 
> with their responses; but it is hard for us here at the user 
> end not to feel that we're treading water, and there's a 
> tidal wave of confused and frustrated users somewhere on the horizon.
> 
> Jethro.
> 
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
> . . . . . . .
> Jethro R Binks
> Computing Officer, IT Services
> University Of Strathclyde, Glasgow, UK
>