Software Usability
We’re currently in the process of sorting out a new intranet at JISC so that programme managers, amongst others, can very easily access information about the ever-increasing portfolio of projects that we deal with every day. For those who have dealt with JISC for a while, you’ll know that this is massively long overdue and should provide what we need to help cope with our own data deluge ;-).
So, it was with a great deal of happiness that I saw one of the first areas that was covered was usability. Again, for those of you who know me it’s a subject that I regularly get up onto my soapbox about as I think it’s absolutely critical for good quality software. Even the best written code can be let down by a shonky user interface that hasn’t involved the user but is ‘functionally perfect’; it’s not the greatest of starts and often leads to a system being dropped before it even gets off the ground. We’re now into the second round of providing input into the usability of the system and I’m really hoping that what I’ve seen so far makes it through to the final system and we get an intranet that is both usable and useful.
This brings me onto usability and JISC-funded projects. Whilst we are always going to cover bleeding edge software that’s going to be sub-Alpha, never mind perpetual Beta, we’re increasingly funding projects to deliver software for use by users rather than proof of concept. That means usability is really, crucially important and that the user has to be involved. If I had one piece of advice to give to new projects producing software to be consumed by users (and some of my own projects are doing this as we speak) then it would be to get the usability right and adoption by any community will be a lot easier. It’s a lesson a good deal of successful open source products such as Firefox have learnt and thrived on; I’m hoping it’s one that my own and several other projects within e-Research learn too.
InCommon Identity Assurance Programme
InCommon are now joining others, including JISC, in looking at identity assurance with their new Identity Assurance Programme. In short, identity assurance is usually defined as how confident you are that the user is who they say they are but it can become a very hotly debated topic as it can apply to other areas as well. The JISC interest has been long running with the technology being demonstrated in the FAME-PERMIS project and the policy side of which resources should have which level of protection being applied in the ES-LoA project. Currently InCommon are looking at just NIST Levels 1 and 2, which cover the lower levels of assurance and stop short of mandating full biometrics and key cards. This is interesting, as is their terminology of Bronze and Silver to help the user understand more about what they are being expected to give for a certain resource and the resource provider to understand what they are asking for.
Currently the programme documents are up for review at their web site so it’s worth having a look if you’re interested in this area. I can see that it is one that will become increasingly important as both IdPs and SPs get their head around the federation as it stands and then want to go a step further for their more valuable resources.
Identity at TNC2008
The Terena Networking Conference is quite often a good chance for NRENs(National Research and Education Networks or the people like JANET who provide the network for further and higher education) to network, as it’s billed. Increasingly, though, it has been a good chance to catch up on what sits on top of that network as NRENs move to services they can provide on the network. A good example is the recent session on identity management and I had the good fortune to be able to follow it by video stream rather than having to fly out to Bruges to catch it.
A presentation I particularly liked was one by Giles Hogben from ENISA on social networking and identity. He covered the usual breaches as a result of revealing personal information such as:
- Losing your identity altogether as a result of harvesting information from social networking sites;
- Providing information for scammers to make realistic scams using your institution information through sites such as LinkedIn (I didn’t realise this but apparently there is a tool for $200, which allows you to get any information you want from LinkedIn);
- Suffering damage to your reputation by sharing that drunken night out that may now not look so clever;
However, it also looked at the possibilities presented by social networks, particularly now that they offer better levels of control over who can get to your personal data:
- Facebook now gives you better control over who you share your data with; you still have to be cautious but you can at least now limit where your information goes;
- Giles touched on how you can build your reputation through social networks and hence increase trust without having to necessarily prove it through the usual route of certs, credentials, etc;
- Data portability - with Friend Connect from Google and other tools to be able to exchange personal data (quite often based around OpenSocial), there is potential to have more control of your personal data and to be able to move it around. His ultimate aim is to have personal data you can secure with a certificate so that you can ensure your personal data can travel to who you would like without getting intercepted inbetween.
All in all, a good session and worth further reading. The brief for the session and the slides are at http://tnc2008.terena.org/schedule/presentations/show.php?pres_id=7 . The full paper is at http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_social_networks.pdf but quite a long one so maybe read the exec summary and decide whether you would like to read the whole thing.
Risk
Without a doubt, one of the areas that can most benefit the projects we commission is the effective management of risk and yet it comes up time and time again as being a problem area. The most common response is to repeat what is in the template project plan or to come up with some standard risks that seem to do the job. So, I’m not going to be surprised to see in my next project plan something along the lines of ’staff may leave the project’. This really isn’t doing anyone any favours, least of all the project, and my standard advice is to think very simply and list out all the ‘bad things’ that could happen in the project, how likely they are to happen, what would be the impact if they did happen and what the project is then going to do to avoid them. Generally, about 10-15 minutes of thought on this leads to the risk section being completed far more effectively and hopefully to us avoiding some of those ‘bad things’.
I’m mentioning this because in this week’s Computing there is a whole section dedicated to risk, which starts with how to address it (see http://www.computing.co.uk/computing/analysis/2216492/damage-limitation-3990558) and there is a comment piece on one of the webinars they run that was on managing risk (see http://www.computing.co.uk/computing/analysis/2216502/managing-risk-people-process-3990563). Both are worth a look as they contain some good practice that can be used in any project, not just business projects.
JISC Report on Keeping Research Data Safe
An area that we’re doing more and more work on in JISC is around research data. This latest HEFCE-funded report investigated the medium to long term costs to Higher Education Institutions (HEIs) of the preservation of research data and developed guidance to HEFCE and institutions on these issues. It has provided an essential methodological foundation on research data costs for the forthcoming HEFCE-sponsored feasibility study for a UK Research Data Service. It will also assist HEIs and funding bodies wishing to establish strategies and TRAC costings for longterm data management and archiving.
The report is available on the JISC web site at http://www.jisc.ac.uk/publications/publications/keepingresearchdatasafe.aspx.
To Wiki or not to Wiki?
There’s always quite a lot of discussion as to what to do with wikis and never more so than at JISC, where we have projects using them and we quite often use them ourself. My personal experience has been that they can be extremely useful but only if they are used properly. One of the most frustrating aspects for me is when information is put into a wiki and it’s very difficult to either find it or read it and there are other issues such as finding what has changed since the last version, which is quite often poorly managed. However, on the positive side, a wiki can be a great way of collaboratively authoring a document and what I’ve found useful is to use a mailing list or Skype conversation (hey, or even talking with people 
) to frame up what needs to be on the wiki and then put it in there and have an editor who can bring the whole thing together at the end from comments that have been added below the text. So, wikis can be very useful when they are blended with other means of getting discussions into a form that can be used for calls, project documentation and programme documentation. It would be good to hear from others about what they feel works best.
Venn Diagram of Identity
A great article on different approaches to identity expressed in a Venn diagram. See http://www.xmlgrrl.com/publications/IEEESecPriv-MarApr2008-MalerReed-Venn.pdf for the full article. Quite a long one but it does cover key concepts on identity and gives a view on how different approaches overlap.
Identity - An Alternative Perspective
I’m on a group that is looking at user-centric identity at the moment and there are quite a few interesting resources coming out of it. One that has come up recently is Hankering for a World without “Identity” or “Federation” , which takes an alternative look at how we could deal with identity. It raises some interesting questions about social concepts of identity and how these could be used as well as the technology to make those assertions we are all so keen on having; or making. Be warned that this is quite a long post but one that’s worth reading.
Resources for Green Research
Bill St. Arnaud over at CANARIE has had numerous posts on green IT on his blog and recently condensed some of the resources on green research into one place, that I’ve included below as I think it’s of interest.
CyberInfrastructure 2.0 Blog http://blog.cybera.ca/ BCnet Workshop on Green Cyber-Infrastructure May 22 Vancouver CLS workshop on web services for remote instrumentation http://www.lightsource.ca/medsi-sri2008/workshops.php#remote The tools being developed by researchers to allow remote access for scientific instruments such as under the ocean or remote beam lines will serve as a model for future “green” cyber-infrastructure. Because of the huge power demands of new big science instruments and computers combined with the increasing shortage for power at our existing research centers means increasingly these facilities will have to be located in remote zero carbon, renewable energy, science centers. Instruments and computation will need to be accessed remotely. Green House and Green Computing at Norte Dame http://ianfoster.typepad.com/blog/2008/04/greenhouse-and.html Clouds over Chicago http://ianfoster.typepad.com/blog/2008/04/clouds-over-chi.html Integration of Grids and Clouds 4th International IEEE Computer Society Technical Committee on Scalable Computing eScience 2008 Conference http://escience2008.iu.edu Organizing committees of the 4th International IEEE Computer Society Technical Committee on Scalable Computing eScience 2008 Conference are now accepting papers and proposals for tutorials; posters, exhibits, and demos; and workshops and special sessions. Topics of interest cover applications and technologies related to e-Science and grid and cloud computing. They include, but are not limited to, the following: * Application development environments * Autonomic, real-time, and self-organizing grids * Cloud computing and storage * Collaborative science models and techniques * Enabling technologies: Internet and Web services * e-Science for applications including physics, biology, astronomy, chemistry, finance, engineering, and the humanities * Grid economy and business models * Problem-solving environments * Programming paradigms and models * Resource management and scheduling * Security challenges for grids and e-Science * Sensor networks and environmental observatories * Service-oriented grid architectures * Virtual instruments and data access management * Virtualization for technical computing * Web 2.0 technology and services for e-Science NSF Cluster Exploratory Project http://www.nsf.gov/news/news_summ.jsp?cntn_id=111186 In an open letter to the academic computing research community, Jeannette Wing, the assistant director at NSF for CISE, said that the relationship will give the academic computer science research community access to resources that would be unavailable to it otherwise. “Access to the Google-IBM academic cluster via the CluE program will provide the academic community with the opportunity to do research in data-intensive computing and to explore powerful new applications,” Wing said. “It can also serve as a tool for educating the next generation of scientists and engineers.” “Google is proud to partner with the National Science Foundation to provide computing resources to the academic research community,” said Stuart Feldman, vice president of engineering at Google Inc. “It is our hope that research conducted using this cluster will allow researchers across many fields to take advantage of the opportunities afforded by large-scale, distributed computing.” “Extending the Google/IBM academic program with the National Science Foundation should accelerate research on Internet-scale computing and drive innovation to fuel the applications of the future,” said Willy Chiu, vice president of IBM Software Strategy and High Performance On Demand Solutions. “IBM is pleased to be collaborating with the NSF on this project.” In October of last year, Google and IBM created a large-scale computer cluster of approximately 1600 processors to give the academic community access to otherwise prohibitively expensive resources. Fundamental changes in computer architecture and increases in network capacity are encouraging software developers to take new approaches to computer-science problem solving. In order to bridge the gap between industry and academia, it is imperative that academic researchers are exposed to the emerging computing paradigm behind the growth of “Internet-scale” applications. This new relationship with NSF will expand access to this research infrastructure to academic institutions across the nation. In an effort to create greater awareness of research opportunities using data-intensive computing, the CISE directorate will solicit proposals from academic researchers. NSF will then select the researchers to have access to the cluster and provide support to the researchers to conduct their work. Google and IBM will cover the costs associated with operating the cluster and will provide other support to the researchers. NSF will not provide any funding to Google or IBM for these activities. While the timeline for releasing the formal request for proposals to the academic community is still being developed, NSF anticipates being able to support 10 to 15 research projects in the first year of the program, and will likely expand the number of projects in the future. Information about the Google-IBM Academic Cluster Computing Initiative can be found at http://www.google.com/intl/en/press/pressrel/20071008_ibm_univ.html
We’ve got our own investigation into green IT that Rob Bristow is leading so it will be interesting to see what comes out of that and applies to research.
The Future of the Internet
I attended a lecture on the The Future of the Interent: and How to Stop It at Oxford, yesterday and it had some very thought provoking material. The premise of presenter Jonathan Zittrain’s talk was that there are generative and non-generative technologies, of which the internet was a good example of the former. He argues that when the internet started it was very much like the PC in that it provided users with an environment to do stuff, some of which wasn’t even intended. His argument is that we are now moving to an internet that is contingently generative, so that there are limits on what we can do within the environment and, most importantly, those limits can be retrospective. So, an example is the terms and conditions that apply to Facebook apps - if Facebook don’t like your app then they can remove it or they can even charge for it. Jonathan argued that this is ultimately killing innovation and innovators on the internet.
I hope I summed all that up OK but would welcome comments from others that were there. As with all polemics, it proved thought provoking and raised some quite heated debate. From my side, it was interesting to see how this reflected on identity and what we do in JISC Innovation, which is innovate. We need to have safeguards in place to allow people to use the internet safely and use their personal information without it being appropriated by others or misused or both. Jonathan painted a fairly bleak picture that in it’s current state we would be really pushed to have those safeguards as spammers and fraudsters were rapidly getting more and more sophisticated to the point where we could use legitimate sites and still be victims. His alternative was a contingently generative internet where we can use apps supplied for us but not innovate and experiment with our own material. I’m minded to be a little more optimistic and, whilst there are extreme examples of sophisticated fraud, balance the risk with the opportunity. We’re increasingly getting to stage where we can all make our own tools to do what we want; surely that massive potential shouldn’t be stifled by a few very sophisticated scams on a few sites. Taking another analogy used in the lecture, we all have the potential to get burgled but we still leave our houses every morning. That’s more the sort of secure internet I’d like to see where we’re not so afraid of the risk that we don’t grasp the opportunities and we do the most we can to make sure we’re as secure as possible.