"The Identity Project: IDM and the academic community" presentation by Rhys Smith of Cardiff University
Overview of Project
1. Background
2. Aims and Objectives
3. Overall Approach
4. Project Outputs
5. Project Outcomes
1. Background
The JISC's recent "Core Middleware: Infrastructure" and "Core Middleware: Technology Development" programmes have built the foundation blocks for the development of a new access management service within the UK. The UK Access Management Federation was formally launched in November 2006, and aims to support the four strategic requirements for access management within the UK that were identified as part of the JISC AAA Programme:
1. Access Management for internal (intra-institutional) applications;
2. Management of access to third-party digital library-type resources;
3. Access Management for inter-institutional use - stable, long-term resource sharing between defined groups (e.g. shared e-learning scenarios);
4. Inter-institutional use - ad-hoc collaborations, dynamic in nature (e.g. Virtual Organisations).
Meeting the fourth requirement is an essential part of achieving the vision of an "e-Infrastructure", as described in the Science and Innovation Investment Framework 2004 - 2014. Whilst the implementation of federated access management (FAM) is a positive step towards provisioning an e-Infrastructure that can meet the evolving requirements of researchers, further work is required to allow institutions the opportunity to engage with new opportunities.
One such area of further work is Identity Management (IdM). This is because a key part of an access management federation is the trust between members that their respective IdM arrangements are equivalent - or at least meet a minimum agreed level. The provision of access to resources by one member to another can then be based on that assurance. Hence there is a need to establish consensus and provide guidelines on the equivalence of various IdM arrangements, including technologies, practices, policies and processes.
As such, the JISC issued Circular 3/06, calling for projects to investigate e-Infrastructure Security, specifically (amongst other things) in the areas of Identity Management within Institutions and Identity Management across Institutional Boundaries. This led to the proposal for this project - "The Identity Project" - being submitted by Cardiff University and the London School of Economics & Political Science, in collaboration with seven other partner institutions. The full list of partner institutions involved is:
The project used its diverse consortium as the basis for research into the current practice and future needs of UK academic institutions in Identity Management. Identity management issues of interest to consortium members included Grid use, Shibboleth installations of varying degrees of maturity, collaborative courses and other long-term inter-institutional collaborations, internal and shared dynamic virtual organisations, classes of users other than the standard staff/student mix, library access schemes, and NHS involvement. All in all, this gave a wide range of IdM experience, problems and solutions that allowed us to assist the UK academic sector in engaging with the newly available opportunities of living in a federated world.
The project carried out its research partly by surveying the current state of IdM across the country, partly by accomplishing certain key work packages with dedicated staff, and partly by involving staff at each partner, who were familiar with local organisational structures and requirements. This research was used to produce the major project deliverables, including a website designed to exploit the closely interlinked nature of identity management requirements. This website includes information about international efforts in the area (to which the project contributed, building on past links with the community), results from our research into the current state of IdM, and recommendations for future work, as well as the outcomes of the research at the project partners.
This project started on November 1st 2006, and was completed by 31st October 2007.
2. Aims and Objectives
The broad aim of the project was to investigate and document the detailed IdM situation in UK higher education, and to produce outputs to assist academic institutions in the UK wishing to take part in the newly emerging federated world in understanding what they need from their own IdM to enable this.
More specifically, we aimed to achieve:
- a comprehensive broad survey of the current state of IdM in UK academic institutions;
- a set of in-depth audits of IdM in a representative set of institutions.
Alongside these, we also:
- investigated practice and policy around institutional membership;
- investigated how having NHS links affects an institution's requirements from IdM;
- investigated how having Grid Infrastructure affects an institution's requirements from IdM;
- identified common problems (and their solutions if possible) with regards to institutional IdM;
- examined current tools that assist with managing users, user groups and identities and their applicability in an institutional context;
- attempted to establish community consensus on best practice in IdM;
- identified areas where further work is required.
3. Overall Approach
The overall approach to achieve these objectives, and the structure of the tasks, is described in detail in Section 15 (Workpackages) - particularly WP1 and WP2, which make up the bulk of the project.
A brief overview, however, is thus: The first main area of work - a broad survey of IdM across the UK academic sector - was achieved through the use of an online survey. The second main area of work - in-depth institutional audits of IdM in a representative range of institutions - was carried out by staff in each institution with help and guidance (and a template of how to go about the audit) coming from project staff.
Areas that were covered included the following:
- Credential management (user registration and expiry procedures, safeguards against abuse of credentials, revocation of credentials) highlighting convergence with and differences from UCISA Information Security Policy toolkit Section H, User Management (https://www.ucisa.ac.uk/acuk/infosecurity) and ISO 17799 (Code of Practice for Information Security Management)
- Certificate management (where practised)
- Attribute stores and usage
- Handling of identity for individuals not classed as staff/student (academic and library visitors, contractors, etc)
- Handling of prior ID discovery for new users (e.g. postgraduate students who were prior undergraduate applicants) and of potentially competing ID generation by different parts of the institution (such as the Library and MIS)
- Identity security and privacy issues
- Requirements for use of credentials, including resource access, technological requirements (e.g. single sign on, stability and scalability), accounting and statistics, etc.
- Single institution and cross institution Virtual Organisations and tools
- Collaborative learning
- Integrating UK HE identity management with other communities (including NHS, overseas integration requirements), including problems requiring further work, standardisation issues (highlighting those which would benefit from an international approach)
- Personal Identity Management and managing identity across institutional boundaries (cross-affiliation): use cases in UK HE, including role management requirements; use cases between UK HE and other sectors.
4. Project Outputs
Early deliverables from the preparation phase of the project were the Project Plan and the plans for information gathering at each of the partner institutions. These formed a useful resource for any institution seeking to carry out its own audit into its Identity Management situation and needs.
The principal deliverable was the project website, which gathered together all outputs of the project to be made available to the community at large. This included the results of the survey (described in WP1), the findings produced from the in-depth institutional audits (described in WP2), the specific influences on IdM (described in WPs 3-6), information on tools and their usefulness in an institutional context (described in WP7), and documentation on common IdM problems and solutions discovered during the project (described in WP8).
The findings produced by the in-depth institutional audits have three main viewpoints, highlighting different dimensions of the research:
- By partner. This view effectively sorted the material into a series of case studies, together with separate strands of data from partners describing issues where they wished to remain anonymous.
- By time. This view sorted the material into current practice, current solutions and technology briefings, best practice recommendations, future plans, and recommendations for future work.
- By subject. This view sorted the material by topic (as described in Section 3).
Where work on standards and consensus building in the community was required, this was taken on, producing appropriate documents through the project.
The final deliverable was a summary report listing areas where further work is required, including specific recommendations for future JISC developments in relation to personal identity management.
5. Project Outcomes
The major outcome of the project is the principal deliverable described in WP2, the website which describes in detail the research carried out throughout all work packages, and the results and conclusions obtained from that research. This should provide a clear basis for future work by JISC and others in the sphere of Identity Management.
Several parts of this deliverable were designed for potential re-use by other members of the community (and will be clearly marked out as such):
- The plans for the institutional audits are re-usable by other institutions planning to work through their identity management situation and future requirements
- The technology briefings will help those who wish to find clear and impartial information about the benefits and drawbacks of technical solutions for Identity Management
- The institutional case studies provide information of use to similar institutions across the UK
A "side-effect" outcome of the project is that the involvement of key staff at each of the project partners increased the growth of the community of UK HE staff who are aware of the strategic and technical issues of next-generation identity and access management.
Finally, the increased readiness across the range of institutions in the UK for next-generation identity and access management developments will allow the UK academic sector to stay on the cutting edge of developments worldwide and will help increase international recognition of the UK's technological prowess and abilities.