Dan at Educause 2009

November 6, 2009

Educause 2009 Wrap Up

Filed under: Uncategorized — dannanto @ 10:04 am

Well, it has been a very good conference.  I just wanted to wrap up my experience and overall impressions of the conference, and the two biggest highlights for me.

The biggest highlight was having the opportunity to present about Identity Management and what we are doing at Vanderbilt in this area.  This gave me the opportunity to speak with several different people from many various universities and countries to discuss what we are doing, and what others are doing in the same space.  I definitely want to look into future presentations, in particular, I think presenting next year on our partnerships with Google and VU GMail, as well as Microsoft with our future live@edu integration might be a good topic.

The second highlight would be the discussions and learning around federated Identity.  Learning about the various levels of assurance that InCommon supports, the various international efforts of inter-federation, and having the opportunity to speak with several of the key players in this space has been very helpful and educational.  This is an area that we are not leveraging to its greatest potential, and we need to do better in. 

Overall it has been a very good conference.  I have learned a lot from the various sessions, and look forward to sharing some of the things that I have learned with others when I return. 

November 5, 2009

EDUCAUSE Core Data Service Fiscal Year 2008 Summary Report

Filed under: Uncategorized — dannanto @ 4:45 pm

Overall great report for understanding what other institutions are doing in various different areas.  Data gathered from Jan to May of 2009.  Broken up into five groups.  Only disappointing thing was the lack of web 2.0 and other newer technologies in this survey.  I got the contact information for the presenter, and I spoke with her after the presentation.  I am going to be sending her some recommendations on other areas that would be of value like gmail/outlook live usage, OCS deployments, etc.

Full report: Understanding the Core Data Service [PDF 210 KB ]

Section 1 IT Organization, Staffing and Planning [PDF 394 KB ]

Section 2 IT Financing and Management [PDF 436 KB ]

Section 3 Faculty and Student Computing [PDF 298 KB ]

Section 4 Networking, Advanced Technologies, and IT Security [PDF 900 KB ]

Section 5 Information Systems [PDF 362 KB ]

Some interesting data charts:

Data bandwidth.  (This one is for Dave Mathews)

image

IDM technology adoption rates for doctorate schools:

image

This one is for Pat Jones:

image

Interesting trends in outsourcing and using open source:

image

And finally, trends in using home grown systems:

image

Federation Discussions: dreams

Filed under: Uncategorized — dannanto @ 3:14 pm

In beginning Federation, believed that it could work, but didn’t know if it could scale.  Making great strides in inter-federation.  Technologies are looking good.  Policies are also making progress.

Global technical issues are close to being solved.  Policy issues are harder. Some attributes don’t have common meaning across international boundaries.  Privacy laws vary from nation to nation. In US, there are no federal privacy laws.  Because of this, states have come up with their own laws.  Some cities have their own laws.  Even counties have their own (including Boulder, Colorado County).  This will be chaos if it continues, and will make this very difficult.

Over next few years – domestication of applications – look outside the application to a generalized repository for groups/roles etc.  Authorization done outside of the app.  Organic process.  Lots of rules and use cases around this. 

[I don’t know if this will work.  Authorization at the same level of federated authentication seems like it is a very HUGE challenge.  Seems like if they have trouble now with having attributes mean different things across international boundaries, what trials will be introduced when they try to standardize roles and access management on a global scale?  It will be very interesting to see what happens in the coming years…]

A question was raised about how OpenID will work with InCommon.  Sounds like they are working at integrating these two.

[Another question was asked about what support there was for remote students who never set foot on campus.  And they mentioned that there are multiple levels of assurance that would apply.  LOA 1, 2 or 0.  We need to look more into this to see how it can apply to the anonymous accounts concepts.]

UK Access Management Federation Collaboration?

Filed under: Identity Management — dannanto @ 2:41 pm

I was able to sit down and speak with Nicole Harris from JISC some more about the federation that they have in the UK.  It sounds like it is primarily focused on the UK at this point.  They have almost 100% of the higher ed schools on this system, and many others.  They have opened up access to the federation to service providers like academic publishing services, and to a few institutions outside of the UK.  Now that they have made such good progress internally to the UK, they are now looking at working with other federations and institutions.

Although I believe that it will make more sense for the UK access federation to work at a higher level of integration like at the InCommon federation level, I also expressed interest in seeing if there were any opportunities for other institutions to join this federation.  I was told that they are working on finalizing the policies around allowing other institutions to join their federation and that they expect to complete that effort by the end of the year.  I will be reaching out to JISC over the coming weeks to see if there is anything that Vanderbilt can do to help with those efforts, or to pilot those efforts.

Catalyst Award – Educause 2009

Filed under: General — dannanto @ 11:30 am

Interesting that the Catalyst Award this year went to Federated Identity Management Access Systems.  They highlighted these institutions:

InCommon Federation

Internet2

JISC – in UK

Switch – from Switzerland

In accepting the award it was said that the award was for all those who have been working to make federated solutions work in our ad hoc and chaotic environments.  They called federated solutions “Policy based plumbing” and applauded the collaboration and innovation that it was encouraging in higher education.

It’s about time, getting our Values around Copyright Right

Filed under: General — dannanto @ 11:29 am

General session by Lawrence Lessig.

I started taking notes on this session, but it is available online, so I decided rather than try to copy and type furiously, I would just sit back and observe and listen.  Here is a link to the presentation itself.  You will probably want to skip over the awards at the beginning.  Although I did meet with Nicole Harris, the woman who accepted the Catalyst award, earlier.  Very smart person in the federated identity space.

General Session- It Is About Time- Getting Our Values Around Copyright Right

It was a very interesting session, and not what I expected at all.  It wasn’t specifically around music copyright and students illegally downloading content.  Rather, it was a discussion of copyright law and how it affects the pursuit of science and education.  I have to admit, it moved me.  Let me describe the most impressive part of the presentation for me.

I was most impressed with the way he found a way to work within a system that cannot realistically be changed, to facilitate the end goal of allowing content to be shared through the new “creative Content” license.  He recognized that a revolution of abolishing all copyright law was not the answer and would simply destroy the system.  While at the same time, making copyright violation across all domains illegal will only drive such activities underground thus encouraging a culture of disrespect for the law in some groups in society leading to a corrosive environment for future democracy.  The way that he found a way to work within a broken system, to fix a real problem, and affect for good thousands and thousands of individuals, was truly inspiring.

Lessons from the UK Access Management Federation

Filed under: Identity Management — dannanto @ 8:55 am

Background: federation funded by two groups.  JISC (Joint Information Systems Committee) and Becta (Government organization focused on effective and innovative use of technology)

Federation today:

image

image

“Technology is easy.  It’s the people who are the challenge.”

To overcome issues with adoption and people’s concerns, they used pilot programs, training, outreach and support efforts for each group.

Defined a solid roadmap of activities that would be occurring, and when they would happen.

image

Most institutions became full members using open source software with in-house support.  This led to huge contributions from the various members.

Currently working on creating a standards based infrastructure for international interoperation.  Is it now time to revisit the eduPerson specification?  There are local variations on this standard.  There is also some degree of interpretation when you get to things like “staff”.  More information about eduPerson at:

http://middleware.internet2.edu/eduperson

SWITCH work on allowing users to give consent to attribute release.

http://www.switch.ch/aai/support/tools/uApprove.html

JISC review on OpenID, linking user-centric identity approaches with access management through institutional affiliation:

http://www.jisc.ac.uk/publications/documents/openidfinalreport.aspx

Overall it was an interesting presentation.  Kind of a very high level view of federation.  Interesting that the federation effort is jointly done between JISC and the government for education.  Quite different from the American way which is more the InCommon approach of building it, and waiting for Universities to come to it, but not really as part of a government program.

Educause has joined InCommon Federation

Filed under: Identity Management — dannanto @ 8:11 am

Announced yesterday.  Very cool!

November 4, 2009

Identity Management Presentation

Filed under: Identity Management — dannanto @ 4:26 pm

image

Well, my presentation went really well.  I am very pleased with it.  I had probably between 100-150 people in attendance.  People were involved in the presentation and engaged.  I don’t know if they recorded it or not, but I don’t think they did.

At the end of the presentation I had probably a good 10-15 minutes of questions and answers.  The questions were all around various challenges that we faced in our IDM implementation. After the presentation I had probably a dozen people stay after and ask further questions.  I was also approached by CW magazine and asked if I would write up an article about my presentation.  I am supposed to speak with the gentleman next week.

Overall I think it went really well.  Now I can relax and enjoy the rest of the conference.

http://docs.google.com/present/edit?id=0AYTTIcM68WupZHRjMzJuNF8xMDJjdzg4cWpoZw&hl=en

Burton Group: Governance in IDM

Filed under: Identity Management — dannanto @ 12:17 pm

Need to deal with many regulations, student behaviors, federated relationships, etc.

What is governance?

-Sets policy, establishes authority and responsibility, and implements accountability.  Governance is great for providing communication framework.

Strong governance team helps institutions:

-foster communication, achieve high data quality, promote application interoperability, avoid undue risk, etc.

Goals of Governance:

-build value, create transparency, achieve executives governance goals.

[So far, this is not a really strong presentation.  A couple people have already left.]

Strong Governance Requires:

sponsorship – maintain focus, relationships, overcome roadblocks, provide stewardship

ownership – individual or group.  has enforcement capability

Core Team – responsible for day to day direction.  need the right mix for this.

what if you don’t have it?

-redundant identity data propagated

-duplicitous application development

-potential use of sensitive data improperly

Types of Governance Models

-formal hybrid model – normal business model.  central group that makes policies.

-centralized IT model – similar to hybrid.  One core body.  it makes decisions.  [not sure the difference between this and hybrid]

-explicitly De-Centralized – high level group to set general policy, and then other specialized groups to implement policy

-No clear governance. – obvious.  don’t have any model in place.

five levels of maturity in governance models

1. initial – no process.

2. repeatable – starting to understand processes

3. defined – process documented, standardized and integrated.

4. managed -

5. optimized.

Governance process is iterative

need feedback mechanism to verify that processes are working correctly.  requirements –> investment –> usage –> feedback.

[very dry presentation.  If this was done after a heavy lunch, everyone would be asleep.]
