As You Like It Identity at JISC Conference 09

So, we had a great session at the JISC Conference 2009 on identity and both Lawrie and I were exteremely pleased with the audience feedback and involvement we had.  I won’t repeat the notes of what was discussed as the very diligent and accurate roving JISC blogger assigned to our session got those and they are here (many thanks for that).

What I will do is to go through what I got out of the session, a few more resources on identity and some of the material we didn’t get to cover.

So, starting on what I got out of the session:

– People are thinking a lot more about identity issues in academia; when we first started talking about identity in groups  (a good example being in the first blog post I ever did for JISC) , we had a large number of listeners and fewer particpants.  Great to see that more people have gone to find out more and are looking at how they need to deal with identity in their area;

– Universities such as Cardiff (thanks to David Harrison for mentioning this at the session) are starting to educate their students on how they need to deal with identity.  It would be useful to have more examples as one of the points raised in the session is that students are a key group to engage with;

– There are many people out in institutions who have a good grasp on the issues that need to be dealt with and an appreciation of what it means for their areas;

– Working with an audience rather than presenting to them can get the most out of a session for both the people leading the session and those attending.  I must admit I was a bit fearful of how this would work given we had a small room that was packed full (Lawrie even gave up his chair!) and it was quite a large group (70+);

– Identity is a complex subject yet it is one that can be approached simply by working with our peers to understand how it will affect how we work in academia;

– We can control our identity and reputation online, which benefits not only us but also our teams our departments and our institutions.  We need to think at a variety of scales;

In terms of resources, we had a jargon segment to try to explain key terms that are used within identity management.  I’ll stick my hand up to a few admissions:

– These weren’t intended to be ‘absolute’ definitions;

– They aren’t intended to be a comprehensive glossary – there are no doubt omissions but I feel it is best to start small and these are the most common (and often for a new user most confusing) terms that are heard;

– When I wrote them I was writing them for the average learner, teacher or student in an institution – yes they are simplified and lose some of the technical detail;

So, after all the excuses, here are the terms:

Identity credentials – generally a username and password but anything that identifies you as a user.  Also known more commonly as an ‘identity’.

Registration – ensuring that the person who you are issuing a set of identity credentials to is who they say they are.  When we talked about the birth of an identity in the session, registration is when this happens.

Authn – Authentication – re-verifying that the user is who they say they are before they are allowed to carry out an action.

Auths or authz – Authorisation – the process of verifying that someone who is trying to access a resource (be that a paper, journal article, some data or something else) is entitled to do so.

PII – Personally Identifiable Information – anything that can personally identify you or another person. This could be your name or a piece of information about you that could only apply to you.  This is what we most need to protect and ensure is up to date as it can affect our academic reputation.

User-centric identity – the concept of the user being able to control what information (PII or otherwise) they release about themselves and thus control their identity.

OpenID – a technology that came out of the social software world (think blogs and wikis) that allows you to control what information you release about yourself. One of the most popular user-centric identity systems.

OAuth – a new technology that allows applications or sites to carry out an action for a user without handing over user names and password details to another site. The best example is the recent talk over software like Tweetdeck being able to post comments to Twitter on behalf of users.

Federated identity – is where a series of bodies that provide identity credentials and a series of bodies that control access to resources get together to agree a common set of rules so someone who has identity credentials from any of the bodies that issue them can access resources from any of the bodies that control access to them.

UK federation – the body in the UK that provides federated identity for UK further and higher education.

Finally, here are a few further resources:

– The presentation and notes can be found here;

– allows you to see what information is held about you.  You can equally use Google to do a similar search for yourself;

– tells you more aboutOpenID and how to get one;

– more information on OAuth and how it works;

– Andy Powell is running a symposium on access and identity management in e-research; more details can be found here;

– JISC’s latest project is producing an identity management toolkit for institutions.  More details on what it is doing can be found here;

I’d welcome comments on this blog, the events blog or tweets tagged with either #jisc09 or #jisc09_id.  We need to keep this discussion going and build on the good work done in the session.  If you have any direct questions on what JISC is doing in access and identity management going forward then please talk with Chris Brown, who is taking over this area from me.

2 thoughts on “As You Like It Identity at JISC Conference 09

  1. Pingback: JISC Access Management Team » Blog Archive » Identity Management and Registratiom

  2. James Farnhill

    Worth expanding the comment above a little as Nicole makes the point that registration is establishing a relationship between a user and an identity provider and verification is then the process of ‘establishing that the user has the right to assert that identity’. I think it’s fine we do that on the technical mailing lists but what’s more important for the user? I’d still argue that registration is where they say who they are. We can argue the ins and outs of how much confidence we have in that. On some occasions, having a valid e-mail address is actually OK. On others we might want a little more so we’d like to see some photo ID or an official document to register the individual. My primary arguement is that as we move towards user-centric identity where we all control what identity information we release then we need to keep concepts as simple and as mainstream as we can. OK, we’re not strictly accurate but we can leave that to the tech guys; that is, after all, their job ;-).

Comments are closed.