{"id":352,"date":"2006-03-08T16:21:57","date_gmt":"2006-03-08T23:21:57","guid":{"rendered":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/?p=352"},"modified":"2006-03-08T16:21:57","modified_gmt":"2006-03-08T23:21:57","slug":"identity-management-in-education","status":"publish","type":"post","link":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/2006\/03\/identity-management-in-education\/","title":{"rendered":"Identity management in education"},"content":{"rendered":"<p>Speaker: Hellmuth Broda from Sun<\/p>\n<p>\nI found this session pretty hard to blog. It ranged quite widely around the challenges of identity management, but I&#8217;m not sure it came to very firm conclusions. Without the slides (lots of diagrams), it&#8217;s difficult to capture some of the stuff, and Hellmuth also used his actual driving license to demonstrate some aspects of identity management &#8211; which I can&#8217;t get down here!\n<\/p>\n<p>The original post rambled a bit too much, so I&#8217;ve removed most of it, and tried to just bring out some key things that stuck:<\/p>\n<ul>\n<li>\nProblems with managing identity are not unique to computing &#8211; each card we carry in our wallets represents an identity. However, we perhaps face a new (larger?) problem.\n<\/li>\n<li>\nA typical &#8216;intensive&#8217; IT user has 21 passwords (presumably actually username\/password pairs?), and 49% write their passwords down or store them in a file on their PC!\n<\/li>\n<li>\nLocation can be a cipher for identity &#8211; you know who someone is, because they can access a specific computer. We limit access to systems by asking &#8216;where are you requesting this from&#8217; rather than necessarily &#8216;who are you&#8217; (although sometimes both)\n<\/li>\n<li>\nHellmuth suggests that in the future, we will start to see firewalls (limiting on location) going away, and identity becoming a &#8216;distributed firewall&#8217;. It&#8217;s a nice point, but slightly idealistic. 
We protect data by both location (firewalls) and identity (login) &#8211; not one or the other. Also, managing by location is practical, and sometimes desirable &#8211; for some applications IP authentication seems sufficient and works well &#8211; it&#8217;s easy.\n<\/li>\n<li>\nThe biggest issues around identity management are privacy and trust. Specifically, data is prone to &#8216;purpose creep&#8217; &#8211; people often are happy for data to be used in a specific context, and only feel privacy has been compromised when the same data is used in a completely different context.<\/li>\n<li>\nIdentity Management is becoming more important in the HE sector because of:\n<ul>\n<li>More stringent regulations<\/li>\n<li>Complex identity requirements (and rapidly changing user roles)<\/li>\n<li>Enormous scale<\/li>\n<li>Working across groups\/organisations<\/li>\n<li>Cost of changing passwords\/identities<\/li>\n<\/ul>\n<\/li>\n<li>\nStages of Implementing Identity Management are:\n<ul>\n<li>Stage 1 &#8211; every application for itself<\/li>\n<li>Stage 2 &#8211; central authentication services &#8211; enables web initial sign-on for participating applications<\/li>\n<li>Stage 3 &#8211; full identity management<\/li>\n<\/ul>\n<p>(I guess we at RHUL are currently somewhere between Stage 1 and Stage 2)<\/p>\n<\/li>\n<li>You have to &#8216;think female&#8217; to do identity management properly. The &#8216;male&#8217; way tends to be One Big Database (seems like this should become an IT acronym &#8211; as in &#8220;I thought we&#8217;d do OBD&#8221;, or &#8220;Using the OBD model we will&#8230;&#8221;). 
The female way is to look at a much more distributed approach.<\/li>\n<\/ul>\n<p>\nFinally, Hellmuth talked about Federation (the female approach) to identity management, and mentioned two key Federation initiatives:<br \/>\n<a href=\"http:\/\/www.projectliberty.org\/\">http:\/\/www.projectliberty.org\/<\/a><br \/>\n<a href=\"http:\/\/shibboleth.internet2.edu\/\">http:\/\/shibboleth.internet2.edu\/<\/a><\/p>\n<p>\n(We (RHUL) have started with Shibboleth as part of Shibboleap &#8211; http:\/\/www.angel.ac.uk\/ShibboLEAP\/)\n<\/p>\n<p>\nSun is a Shib partner, and will support it via SAML 2.0 (due later this year &#8211; probably Q2), and they are currently testing Access Manager with a Beta version of SAML 2.0. However, they are happy to work with customers on Shib connectors before this date.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Speaker: Hellmuth Broda from Sun I found this session pretty hard to blog. It ranged quite widely around the challenges of identity management, but I&#8217;m not sure it came to very firm conclusions. 
Without the slides (lots of diagrams), it&#8217;s difficult to capture some of the stuff, and Hellmuth also used his actual driving license [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[23],"class_list":["post-352","post","type-post","status-publish","format-standard","hentry","tag-ucisa-2006-03"],"_links":{"self":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/posts\/352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/comments?post=352"}],"version-history":[{"count":0,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/posts\/352\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/media?parent=352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/categories?post=352"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/tags?post=352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}