IDM2008

Given this is my second blog entry in as many days you’re either in for a treat or the tedium continues; I leave  you to decide.  I’d also add that due to train issues, this and the above entry WERE written separately but offline as there doesn’t yet appear to be a 3G service that provides continuous coverage on the journeys I make; if anyone can suggest one then please comment below.

So,  today was IDM2008, billed as an opportunity for those from business and government to get together and share their experiences on identity management.  I was the representative from higher and further education and giving a presentation on Innovation, which outlined what we had done on the Access Management Federation and subsequent developments.

The day featured the following presentations;

·         Graham Morrison on getting Kerberos to solve the Home Office’s issues of ‘seamless authentication’ across a range of different systems.  I liked this one for a number of reasons.  The first was that it was using what was already there and proven to work, which I think is important in identity and access management (IAM).  Next, it has been kept simple – you can’t get much more simple than using Kerberos to issue a ticket to authenticate the user (the Ticket Granting Ticket) and a ticket to authorise them to do ‘stuff’ (the Session Ticket or TGS).  Finally, it deals with levels of assurance but only gets into heavyweight biometrics and role-based access control, etc when it needs to;

·         David McIntosh (hope I spelt that right) presenting on biometric technologies and SITC.  The former taught me that your ear echoes back any sound that is played into it in a unique way to you; interesting but not particularly useful unless you want to biometrically identify someone in a quiet environment.  The latter could be more widely useful to JISC as it is a body consisting of SMEs that would like to engage with universities;

·         Jim Slevin on Manchester Airports IDM systems.  A very topical presentation as the authentication of a user can now be carried out by National Identity Card, which has caused quite a stir in the papers this morning.  More interestingly, their focus was on delivering a capability, not a solution, which I think we should focus more on.  You can actually do something with a  capability;

·         Joe Baguely presented on AD as an identity store.  The sub-title was ‘are you mad?’ and I think this summed up many people’s impression of doing this but Joe presented a very convincing argument to re-use what is already in place with Active Directory (AD) and carried out a rather unsubtle plug for his organisation, which does this and I am not going to repeat here.  I also quite liked the idea of Segregation of Duties or SOD – I’ve known it as a concept but having an acronym somehow makes me feel so much better;

·         Fraud and IDM by Logica.  I quite liked the abstract for this so attended.  I didn’t entirely regret it but found out more interesting facts about fraud than necessarily the business case for IDM, which is why I’d originally gone;

·         Dave Nesbitt on how to avoid an identity trainwreck.  Whilst this was saying what we all know such as getting senior level sponsorship, having clear priorities on what is going to be done agreed with key users, iteratively deploying rather than going for big bang and technology is difficult, it’s the human stuff that is difficult, it’s all worth repeating.  Even the take home message was worthwhile: ‘IDM is many small projects to constantly improve your infrastructure that never end’;

·         David Bowen looked at how identity management worked at Great Ormond Street Hospital.  I didn’t learn much from this but had a sharp intake of breath on the mention that single sign-out is more difficult but more valuable than single sign-in.  On the Shib front I don’t think we are ever going to get there and we shouldn’t be trying given the issues, IMHO;

·         Yours truly was next up and if you read this blog and the stuff on what I do on the JISC site then you’re going to know what was presented;

·         Conn Crawford went through how local authorities approach identity management but specifically what Sunderland have been doing.  It was great to see Conn again.  He has a knack of connecting up a range of identity management ‘stuff’ to do really valuable things in the community.  What he has done ranges from federated solutions right the way through to user-centric identity management and he was presenting on the Let’s Go Sunderland portal he has put together that allows kids from a disadvantaged background to load up a smart card with activities they can attend.  They have an allowance every month and sign up for activities but the smart thing is that they also tell the portal what they are interested in, which gives the resource providers some anonymised marketing info back and hence an incentive to offer their resources to the scheme.  This is a great example of making personalisation work whilst protecting the individual;

·         Alan Coburn presented on Glow, a teaching and learning portal for Scottish schools.  I think the most interesting thing out of this was that schools wanted to sign up for it, hence there were a great number of users, and that they had used Shib but not the federation.  It turns out the latter was due to specifying it before the federation existed;

·         Hellmuth Broda had the rather unenviable task of being last up and went through Liberty Alliance.  All very good stuff but nothing new for me.  What was of more interest was his company’s creation of batches of unique codes that could be attached to 2D bar codes, RFID tags and text messages; basically, name a media and it could be attached.  The potential was huge as these codes linked to specific actions such as vouchers, one time visits to web sites, etc.  More info on this is at www.firstondemand.com;

 

Thanks also go to Professor Gloria Laycock, who did a great job chairing the meeting to the extent that we even finished early!  All in all, a useful day and there were quite a few contact I met during the day that I’ll follow up further.  Well worth a look next year if you are interested in identity management outside the education sector.

NGS Innovation Forum 2008

I was recently at the NGS (National Grid Service) Innovation Forum 2008 to find out what existing users of the NGS were doing and to see what the reaction was to future plans for NGS Phase 3.  The first, very encouraging, point was that there were more users there this year than there have been for previous years.  Secondly, these users were more diverse, with representation from researchers, e-science centres and support functions for researchers such as IS and research computing directors.

Day one started with presentations from researchers in biology and physics biomolecules with representatives from other research areas being amongst those at the event.  It has been particularly encouraging for JISC as a funder to see this transition of the NGS from providing resource predominantly for those in the ‘hard’ sciences such as physics and chemistry to greater provision for those in social sciences and the arts and humanities.  One message that remains, however, is that if the NGS is to get more users from a wider range of disciplines then they need to offer alternative methods of accessing the service to the command line and these need to be easy to use.  The benefits are very tangible, with one presentation reporting that modelling time had been taken down from one month to six  hours.

Michael Wilson then described how EGI (the European Grid Initiative) could involve the NGS amongst others and sparked off a very lively debate on who would take the NGI (National Grid Initiative) role for the UK that was required by EGI.  Whilst the UK and other countries have expressed an interest in EGI there is still no firm commitment and Michael’s talk stressed that EGI was only a co-ordinating body for European provision of grid infrastructure, not a funding body for national facilities, as has previously been the case with bodies such as EGEE.  This meant there needed to be national commitment to ensure that the UK was appropriately represented.

From the European perspective we moved to Daniel Katz’s presentation on TeraGrid, the American national grid.  There were a number of points that were particularly notable in the presentation, out of which the most interesting one was the concept of Campus Champions.  Campus Champions help promote TeraGrid and grid usage within their campus in exchange for attendance at TeraGrid meetings and a t-shirt!  More to the point, they are people who would like to encourage grid usage and work with those who are new to the grid to help them carry out their research more quickly or simply do new research.  It is something that we see happen on an ad hoc basis in the UK but gives food for thought on how we get phase 3 of the NGS to encourage new users.  Also of interest for me, with my access management hat on was TeraGrid’s experimental use of InCommon to access grid resources.

After lunch, the programme moved onto grid technologies.  There was a good section on Condor for managing campus grids.  Whilst there is often not much attention paid to grids within an institution they form a vital part of the infrastructure available to researchers.  Hugh Beedie also pointed out that they could be a very effective green alternative to high performance computing, especially given modern machines’ power efficiency.  Next up was a session on Clearspeed from Steven Young.  He described how there were four of these maths acceleration cards that now feature at the Oxford node of the NGS.  At this stage, there isn’t much use of them but they look promising for jobs that are maths intensive.

The day finished with presentations on the training available on the NGS (from David Ferguson) and Andy Richards talking about NGS Phase 3.  Both provoked lively debate from the audience and there was a great deal of interest in David’s offer to run training on a regional basis so if  you couldn’t attend the event and you read this then get in touch directly with the training team and find out about courses at http://www.nesc.ac.uk/training/.

Day two was a chance to tie up with the campus grid SIG and to look at what the experience was for those who had joined the NGS.  The overall conclusions seemed to be that whilst it wasn’t easy to set up the software, the NGS had a very active support community that made the whole process a easier and that there were tangible benefits from going through that process.  This led into how to make the NGS sustainable, which follows the general trend with projects in JISC that are moving to be a service.  It was a topic that received a good deal of audience feedback and I am hoping that this can be followed up after the event as it is not going to be an easy task keeping access as easy as possible whilst making sure that institutions are appropriately recompensed for what they contribute.

The day finished with presentations on new directions for the NGS.  Keir Hawker went through what data services were on offer, with a range of options from Oracle through to MySQL.  Mike Jones then went through how the SARoNGS project was working to allow users who were members of the UK Access Management Federation to get access to NGS resources.

So, what were the key points to take away from the meeting?  I think they were:

• Research is global and the grid offers a good way of working collaboratively within a trusted infrastructure.  It will be interesting to see how this ties into ongoing work on interfederation and virtual organisations in the identity and access management area;
• The NGS has a great deal to offer the researcher and they are very keen to engage with active researchers to help them carry out novel research or to make what they do more efficient;
• There are no doubt potential users of the NGS who could benefit enormously from using it so it is well worthwhile attending a training event or one of the e-Research Roadshows to find out more;
• Whilst there are resources to try the NGS that are free at the point of use, this model will not scale infinitely so there need to be equitable models for sustainability;
• There is a growing community of researchers from an increasingly wide range of disciplines but there still needs to be a focus on growing that further;
• The institution needs to get involved in helping its researchers access grid facilities as more and more research is collaborative in nature.  This is not just providing access to the NGS but includes grid resources on campus so that researchers have a range of resources available to them;

All in all, it looks to be an exciting future for the NGS.  The next major decision point is whether approval is granted by JSR for the Phase 3 proposal.  My thanks to Andy Richards and the team at NGS for a great event and inviting me along and paying for my accommodation.

• Search

  
  

• Recently Written

  • Audiences
  • JISC OpenID Report
  • AHM2008
  • Less of the XML
  • IDM2008
  • NGS Innovation Forum 2008
  • New Research Project: Privacy Value Networks
  • Grant 10/08: Project to Develop an Identity Toolkit
  • 30-5-10
  • TERENA NRENs and Grids Meeting, September 2008

• Categories

  • Access Management
  • eResearch
  • General
  • Identity Management
  • JISC
  • Project Management

• Archives

  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008

• Blogroll

  • WordPress.com
  • WordPress.org

• Admin

  • Login
  • WordPress
  • XHTML