The Identity Project - News - News from The Project


The Identity Project
Welcome Page About Us News News from The Project Identity Management News Events Research Centre Research Findings Contact Us Other Links Sponsored by	News from The Project 15 November 2007 - Publication of Oxford Internet Institute Report on Strategic Identity Management Following the strategy forum on identity management and data sharing organised by the Oxford Internet Institute, in June 2008, the final report for the day is now available. It was composed by OII Visiting Fellow Mary Rundle. 6 November 2007 - The Identity Project's Reports are Published The finding of The Identity Project have been published. They can be accessed here. 7 August 2007 - Completion of the Phase II of the Project The most extensive part of the project, Phase II: audits in 10 Project's partners institutions, has been completed. The information gathered has been catalogued and stored for analysis and report preparation. 19 June 2007 - The Guardian - Why ID must keep up with IT - by Stephen Hoare Recent high-profile security failures have highlighted the need to protect sensitive data. Nowhere is this more important than in universities, where a panel of experts have launched a project to bridge the gap. The spectacular failure of the NHS computer system to protect online applications of newly qualified doctors threw the whole national interview process into turmoil. But university IT specialists are determined a similar fate will not befall intra-nets and learning platforms containing a wealth of sensitive academic research and student details. Universities have welcomed open access learning platforms that widen student participation, but their arrival has left campus intranets, and all the sensitive details they contain, dangerously vulnerable to hackers. "As the focus of IT has switched to enabling users to do things, access management is trailing behind," says Les Watson, chair of this year's University Colleges and Information Systems Association (Ucisa) conference. But now the sector's IT specialists are moving to close the gap through the Identity Project run by the Joint Information Systems Committee (Jisc). The initiative is in two stages: first, 641 universities and FE colleges were surveyed to explore areas of concern; and, second, a detailed study of 10 universities will take place to find out what controls exist to prevent unauthorised access. The project, which began six months ago, is due to report by the end of the summer and then publish recommendations based on shared best practice in managing access control. John Paschoud, information systems engineer at the LSE library, is a key mover in the project. Like other universities, LSE has a long-established procedure with computer user names and passwords. But the problem is the higher level of protection needed by e-learning and online communities. "Once a student needed just a password and e-mail account, but now they expect to access exam results, have essays marked and have discussions with their tutor all online," says Paschoud. With so much valuable information on their intranets, university IT directors see themselves as gatekeepers, balancing the needs of an open educational institution against the need to check identity. As yet there is little proprietory software out there to help. Ja.net/Ukerna, the UK's education and research network, runs the UK "eduroam" hub - providing better controlled access to academic resources online. Eduroam allows academics from participating universities in the UK, Europe and Australasia to use the campus wi-fi networks of other members. And the software company Citrix, which specialises in server security software has a product aimed at universities called Smart Access, whichhelps universities identify student users who are authorised and have compatible IT equipment. "Universities have no chip and pin as yet but, long term, the aim is to unify management of access to online resources," says Paschoud. "At LSE we are moving towards a single directory that contains rights of access. The days of the old magnetic stripe ID card are over." Nine University of London colleges and Cardiff University are participating, and heads of IT are looking at the whole issue of authenticating user ID. Common concerns are emerging - such as recognising the anomalous position of temporary staff, continuing to give members of the public access to national collections and verifying academic research papers published online. "Universities need to manage the process of depositing research documents," says Paschoud. "You need to establish the provenance of the research ... The danger is that bogus research papers could be a danger to the university's reputation. This is why we need access controls." But of all the issues touched on by the Identity Project, one is of major and growing importance - the need for reciprocal access agreements for researchers from different universities, including overseas. Tim Philips, director of information systems and computing at Bristol University, says: "Bristol prides itself on its world-class research. If I'm collaborating on a research project with a team from the University of Illinois, for example, then Illinois should be able to rely on Bristol vouching for my identity." Jisc is already addressing the issue of international identity checks and validation of university researchers through Shibboleth, a technology that aims to set a common standard for authentication. Its success depends on universities working together to establish new standards for ID management and working to a common format. As Phillips says: "If we don't have well-founded identity management procedures in place, it will become more difficult for people to collaborate in international research." Weblinks Shibboleth: http://shibboleth.internet2.edu Jisc: http://tinyurl.com/32qysm Janet roaming: http://tinyurl.com/37e7wj Original link: http://education.guardian.co.uk/elearning/story/0,,2105795,00.html Source: The Guradian 30 May 2007 - Managing HE identities: how do universities know who's a student and who's not? An audit and survey began this month to compare how around 641 colleges, institutes and universities manage student and staff identity cards. The Identity Project, commissioned by the Joint Information Systems Committee (JISC), is being run jointly by Cardiff University and LSE. Its purpose is to audit ten major UK universities between now and autumn 2007, and to survey 641 higher and further education institutions using an email questionnaire. Greg Pytel, project and communications officer at LSE, said: ‘If I want to use the LSE Library, I show staff my LSE staff ID card which includes a photo of myself and a specific student number. Staff can verify my identity through this. But if I want to use another Library within the University of London, for example, while it is perfectly permissible, myself and other researchers or students can be deterred by having to fill in a whole different set of forms at other libraries. ‘What this project aims to do is evaluate what kind of IT and business processes are currently being used, to see if there is more potential for a federated system allowing a seamless sharing of ID verification. ‘The model for this would be along the lines of how debit cards are used. People's debit cards are provided by their individual bank, and money is debited from there. But through systems like Visa and Mastercard, they are recognised by other banks and many other kinds of businesses who then recoup any charges from the 'parent' bank.' Rhys Smith, project officer at Cardiff University, said: ‘As part of the project, we are attempting to survey each of the 641 HE and FE institutions around the country, in order to get a broad understanding of how everyone manages their identities. This will let us assess how ready each of them is to operate within this kind of federated system - and what work will need doing at institutions to enable such a federated operation. ‘To this end, we are asking all universities and colleges to get involved with the project, and to complete the survey. This will ensure that the project produces guidance relevant to the different kinds of HE and FE institutions there are in the UK.' From Wednesday 30 May, you will be able to check whether your university or college has returned a completed survey, and find a copy of the survey itself, at www.identity-project.org/Survey_status.html Ends Contact Greg Pytel, LSE, on 020 7852 3550, email: g.pytel@lse.ac.uk Rhys Smith, Cardiff, on 029 2087 0126 Notes The JISC Identity Project began on 1 November 2006 and is set to conclude in autumn 2007. The results will then be analysed and recommendations will be open for consideration by JISC members. The ten major project partners are Cardiff; LSE; Birkbeck College; Goldsmiths University of London; Imperial College London; Queen Mary College; Royal Holloway College; School of Oriental and African Studies; University College London (UCL); and the University of London. 29 March 2007 – Jean Sykes, Librarian and Director of Information Services, The Library at The London School of Economics, and Brian Gilmore, Director of Computing Services at the University of Edinburgh, attended UCISA Management Conference in London. Brian Gilmore, in his talk, highlighted the importance of The Identity Project Broad Survey in the context of JISC future investment into ICT infrastructure. The Identity Project survey results, informed by the complementary findings of the 10 Deep Institutional Audits, will be used by JISC to gain a thorough understanding of the current capabilities and future plans and requirements for Identity Management, within the whole UK HE and FE community (641 institutions served by JISC). Apart from publishing these findings to the community, JISC will use them to decide priorities for near-future work to address any gaps, and support institutions to participate in and benefit from the Federated Access Management infrastructure developing in Britain and many other countries. This is the largest such exercise of its' kind that has been attempted in the UK, and possibly in the world, and has attracted significant interest from the HE communities in other countries. 27 March - The Broad Survey has been launched. Today The Identity Project Broad Survey has been launched. All who are interested in supporting this project are invited to visit our Research Centre - Resources to find out more about this exciting tool. 7 March 2007 - The Identity Project and ES-LoA join forces. During a meeting in Birmingham between the representatives of The Identity Project and ES-LoA (Level of Assurance) project, a close co-operation between the members of the two projects was agreed. Both areas of IdM and LoA are intertwined and joining up the forces will benefit both projects. 6 March 2007 - John Paschoud gave a presentation to a special meeting of GARR (the Italian national education & research networking body) members in Rome, to discuss the formation of an Italian access management federation for academic use of electronic resources. John's presentation described the support resources that were being provided for the UK Federation, the need to discover the strengths and weaknesses of existing institutional identity management practices, and how this was being addressed by The Identity Project. Representatives of TERENA, Internet2, Elsevier and Ex-Libris also contributed to the event. 5 March 2007 Rhys Smith and Greg Pytel participated in the HAERVI Project meeting that took place at the London School of Economics. HAERVI Project develops a toolkit for unified federated access to electronic library resources across the UK Higher and Further Education sectors. The plenary discussion showed that The Identity Project results are likely to contribute to HAERVI Project aims and potential follow-ups. 1 March 2007 The Identity Project's Key Researchers meeting took place at the London School of Economics. This meeting was devoted to methodology and practice of case studies that are to be executed in the course of the project. Meeting participants: John Paschoud (LSE), Guy Burton (LSE), Simon McLeish (LSE), Bob Jones (Queen Mary College), Margaret Flett (University College, London), Greg Pytel (LSE), David Riddle (Goldsmiths, University of London), Ken Brown (Birkbeck College), Ian Casselton (Royal Holloway College). 13 February 2007 John Paschoud gave a presentation to Birkbeck College IT/MIS management and staff on the aims and challenges of The Identity Project. 9 February 2007 The Identity Project Kick-off meeting took place at the London School of Economics. Meeting participants: John Paschoud (LSE), Paul Allatt (Imperial College), Guy Burton (LSE), Simon McLeish (LSE), Bob Jones (Queen Mary College), John Harmer (School of Oriental and African Studies), Margaret Flett (University College, London), Greg Pytel (LSE), David Riddle (Goldsmiths, University of London), Ken Brown (Birkbeck College), Peter Marsden (University of London).
All content © London School of Economics and Political Science or other Partners in The Identity Project 2007

News from The Project

15 November 2007 - Publication of Oxford Internet Institute Report on Strategic Identity Management

Following the strategy forum on identity management and data sharing organised by the Oxford Internet Institute, in June 2008, the final report for the day is now available. It was composed by OII Visiting Fellow Mary Rundle.

6 November 2007 - The Identity Project's Reports are Published

The finding of The Identity Project have been published. They can be accessed here.

7 August 2007 - Completion of the Phase II of the Project

The most extensive part of the project, Phase II: audits in 10 Project's partners institutions, has been completed. The information gathered has been catalogued and stored for analysis and report preparation.

19 June 2007 - The Guardian - Why ID must keep up with IT - by Stephen Hoare

Recent high-profile security failures have highlighted the need to protect sensitive data. Nowhere is this more important than in universities, where a panel of experts have launched a project to bridge the gap.

The spectacular failure of the NHS computer system to protect online applications of newly qualified doctors threw the whole national interview process into turmoil. But university IT specialists are determined a similar fate will not befall intra-nets and learning platforms containing a wealth of sensitive academic research and student details.

Universities have welcomed open access learning platforms that widen student participation, but their arrival has left campus intranets, and all the sensitive details they contain, dangerously vulnerable to hackers. "As the focus of IT has switched to enabling users to do things, access management is trailing behind," says Les Watson, chair of this year's University Colleges and Information Systems Association (Ucisa) conference.

But now the sector's IT specialists are moving to close the gap through the Identity Project run by the Joint Information Systems Committee (Jisc). The initiative is in two stages: first, 641 universities and FE colleges were surveyed to explore areas of concern; and, second, a detailed study of 10 universities will take place to find out what controls exist to prevent unauthorised access.

The project, which began six months ago, is due to report by the end of the summer and then publish recommendations based on shared best practice in managing access control.

John Paschoud, information systems engineer at the LSE library, is a key mover in the project. Like other universities, LSE has a long-established procedure with computer user names and passwords. But the problem is the higher level of protection needed by e-learning and online communities.

"Once a student needed just a password and e-mail account, but now they expect to access exam results, have essays marked and have discussions with their tutor all online," says Paschoud.

With so much valuable information on their intranets, university IT directors see themselves as gatekeepers, balancing the needs of an open educational institution against the need to check identity. As yet there is little proprietory software out there to help. Ja.net/Ukerna, the UK's education and research network, runs the UK "eduroam" hub - providing better controlled access to academic resources online.

Eduroam allows academics from participating universities in the UK, Europe and Australasia to use the campus wi-fi networks of other members. And the software company Citrix, which specialises in server security software has a product aimed at universities called Smart Access, whichhelps universities identify student users who are authorised and have compatible IT equipment.

"Universities have no chip and pin as yet but, long term, the aim is to unify management of access to online resources," says Paschoud. "At LSE we are moving towards a single directory that contains rights of access. The days of the old magnetic stripe ID card are over."

Nine University of London colleges and Cardiff University are participating, and heads of IT are looking at the whole issue of authenticating user ID. Common concerns are emerging - such as recognising the anomalous position of temporary staff, continuing to give members of the public access to national collections and verifying academic research papers published online.

"Universities need to manage the process of depositing research documents," says Paschoud. "You need to establish the provenance of the research ... The danger is that bogus research papers could be a danger to the university's reputation. This is why we need access controls."

But of all the issues touched on by the Identity Project, one is of major and growing importance - the need for reciprocal access agreements for researchers from different universities, including overseas. Tim Philips, director of information systems and computing at Bristol University, says: "Bristol prides itself on its world-class research. If I'm collaborating on a research project with a team from the University of Illinois, for example, then Illinois should be able to rely on Bristol vouching for my identity."

Jisc is already addressing the issue of international identity checks and validation of university researchers through Shibboleth, a technology that aims to set a common standard for authentication. Its success depends on universities working together to establish new standards for ID management and working to a common format. As Phillips says: "If we don't have well-founded identity management procedures in place, it will become more difficult for people to collaborate in international research."

Weblinks

Shibboleth: http://shibboleth.internet2.edu

Jisc: http://tinyurl.com/32qysm

Janet roaming: http://tinyurl.com/37e7wj

Original link: http://education.guardian.co.uk/elearning/story/0,,2105795,00.html

Source: The Guradian

30 May 2007 - Managing HE identities: how do universities know who's a student and who's not?

An audit and survey began this month to compare how around 641 colleges, institutes and universities manage student and staff identity cards.

The Identity Project, commissioned by the Joint Information Systems Committee (JISC), is being run jointly by Cardiff University and LSE. Its purpose is to audit ten major UK universities between now and autumn 2007, and to survey 641 higher and further education institutions using an email questionnaire.

Greg Pytel, project and communications officer at LSE, said: ‘If I want to use the LSE Library, I show staff my LSE staff ID card which includes a photo of myself and a specific student number. Staff can verify my identity through this. But if I want to use another Library within the University of London, for example, while it is perfectly permissible, myself and other researchers or students can be deterred by having to fill in a whole different set of forms at other libraries.

‘What this project aims to do is evaluate what kind of IT and business processes are currently being used, to see if there is more potential for a federated system allowing a seamless sharing of ID verification.

‘The model for this would be along the lines of how debit cards are used. People's debit cards are provided by their individual bank, and money is debited from there. But through systems like Visa and Mastercard, they are recognised by other banks and many other kinds of businesses who then recoup any charges from the 'parent' bank.'

Rhys Smith, project officer at Cardiff University, said: ‘As part of the project, we are attempting to survey each of the 641 HE and FE institutions around the country, in order to get a broad understanding of how everyone manages their identities. This will let us assess how ready each of them is to operate within this kind of federated system - and what work will need doing at institutions to enable such a federated operation.

‘To this end, we are asking all universities and colleges to get involved with the project, and to complete the survey. This will ensure that the project produces guidance relevant to the different kinds of HE and FE institutions there are in the UK.'

From Wednesday 30 May, you will be able to check whether your university or college has returned a completed survey, and find a copy of the survey itself, at www.identity-project.org/Survey_status.html

Ends

Contact

Greg Pytel, LSE, on 020 7852 3550, email: g.pytel@lse.ac.uk

Rhys Smith, Cardiff, on 029 2087 0126

Notes

The JISC Identity Project began on 1 November 2006 and is set to conclude in autumn 2007. The results will then be analysed and recommendations will be open for consideration by JISC members.

The ten major project partners are Cardiff; LSE; Birkbeck College; Goldsmiths University of London; Imperial College London; Queen Mary College; Royal Holloway College; School of Oriental and African Studies; University College London (UCL); and the University of London.

29 March 2007 – Jean Sykes, Librarian and Director of Information Services, The Library at The London School of Economics, and Brian Gilmore, Director of Computing Services at the University of Edinburgh, attended UCISA Management Conference in London. Brian Gilmore, in his talk, highlighted the importance of The Identity Project Broad Survey in the context of JISC future investment into ICT infrastructure.

The Identity Project survey results, informed by the complementary findings of the 10 Deep Institutional Audits, will be used by JISC to gain a thorough understanding of the current capabilities and future plans and requirements for Identity Management, within the whole UK HE and FE community (641 institutions served by JISC).

Apart from publishing these findings to the community, JISC will use them to decide priorities for near-future work to address any gaps, and support institutions to participate in and benefit from the Federated Access Management infrastructure developing in Britain and many other countries.

This is the largest such exercise of its' kind that has been attempted in the UK, and possibly in the world, and has attracted significant interest from the HE communities in other countries.

27 March - The Broad Survey has been launched. Today The Identity Project Broad Survey has been launched. All who are interested in supporting this project are invited to visit our Research Centre - Resources to find out more about this exciting tool.

7 March 2007 - The Identity Project and ES-LoA join forces. During a meeting in Birmingham between the representatives of The Identity Project and ES-LoA (Level of Assurance) project, a close co-operation between the members of the two projects was agreed. Both areas of IdM and LoA are intertwined and joining up the forces will benefit both projects.

6 March 2007 - John Paschoud gave a presentation to a special meeting of GARR (the Italian national education & research networking body) members in Rome, to discuss the formation of an Italian access management federation for academic use of electronic resources. John's presentation described the support resources that were being provided for the UK Federation, the need to discover the strengths and weaknesses of existing institutional identity management practices, and how this was being addressed by The Identity Project. Representatives of TERENA, Internet2, Elsevier and Ex-Libris also contributed to the event.

5 March 2007 Rhys Smith and Greg Pytel participated in the HAERVI Project meeting that took place at the London School of Economics. HAERVI Project develops a toolkit for unified federated access to electronic library resources across the UK Higher and Further Education sectors. The plenary discussion showed that The Identity Project results are likely to contribute to HAERVI Project aims and potential follow-ups.
1 March 2007 The Identity Project's Key Researchers meeting took place at the London School of Economics. This meeting was devoted to methodology and practice of case studies that are to be executed in the course of the project. Meeting participants: John Paschoud (LSE), Guy Burton (LSE), Simon McLeish (LSE), Bob Jones (Queen Mary College), Margaret Flett (University College, London), Greg Pytel (LSE), David Riddle (Goldsmiths, University of London), Ken Brown (Birkbeck College), Ian Casselton (Royal Holloway College).
13 February 2007 John Paschoud gave a presentation to Birkbeck College IT/MIS management and staff on the aims and challenges of The Identity Project.
9 February 2007 The Identity Project Kick-off meeting took place at the London School of Economics. Meeting participants: John Paschoud (LSE), Paul Allatt (Imperial College), Guy Burton (LSE), Simon McLeish (LSE), Bob Jones (Queen Mary College), John Harmer (School of Oriental and African Studies), Margaret Flett (University College, London), Greg Pytel (LSE), David Riddle (Goldsmiths, University of London), Ken Brown (Birkbeck College), Peter Marsden (University of London).