American essayist Ralph Waldo Emerson once said that ‘to be yourself in a world that is constantly trying to make you something else is the greatest accomplishment’, and when it comes to the science of identity management, that’s certainly true.
What is identity management?
Identity management can mean different things to different people, but I’m talking about the way in which universities, colleges and other learning providers identify individuals and ensure that they have access to the services they need to study, research and teach. These may be library resources, file sharing services, or the ability to log into and use specialist computer equipment.
Usually, it also enables access to a range of other services relating to a person’s life within their institution. It allows for personalisation of services so that people aren’t swamped with services that aren’t relevant to them, and it also enables access to sensitive or personal information to be controlled appropriately.
Unfortunately, identity management systems sometimes fail to recognise people for who they really are, which means they are denied access to resources and services that they are entitled to. This is why the Society of College, National and University Libraries (SCONUL) encouraged identity management to be one of the projects of our current co-design programme with Jisc.
The co-design approach
Co-design is an experiment to build on the way that Jisc already works with partner organisations, taking it to a deeper level. The five partner organisations have each identified issues that are proving difficult to manage within their particular areas of interest, and a number of these have been developed into projects to take forward.
Each partner is staying closely involved in their particular projects from the initial generation of ideas, through the project implementation stage and into the development of products, services and other outputs. It means that the workstreams are under constant scrutiny so that the project team can make faster, better-informed decisions to change their focus if new avenues look more fruitful, speed up or even stop a project completely if it looks unlikely to yield useful results. The aim is to ensure outputs are optimal, cost-effective and meet all the requirements of end-users.
The identity management project is called ‘Addressing the social and political barriers to good identity management’ and it is focusing on the people issues that are now the biggest barrier to effective identity management. Earlier Jisc programmes have focused on developing the right technological infrastructure and that is now well-developed.
Overcoming the issues
Most of the problems we’re seeing now relate to making sure that people have the right identities, and that these can be mapped quickly and easily to the various groups they are part of. Often, it is about getting different parts of the same organisation to work together, and there are many reasons why that can be harder than it sounds.
Sometimes, licensing is the main stumbling block – many services and resources have their own licensing regimes that apply to specific groups of people. But those groups aren’t always consistent, and the complexities of who is entitled to what can only increase; as institutions have more students studying overseas, undertake more collaborative activities and deliver more services through partner organisations.
Put simply, identity management means making sure that people are assigned the right identities and that these associate all the right attributes to the right groups of people. But that requires personal data, which must be carefully guarded even within a single institution, let alone where third party suppliers are involved. Work done on federated access – which enables a person’s identity to be authenticated without releasing personal information – has helped in some respects, but there are still times when third party suppliers insist on their own log in credentials.
The ‘Addressing the social and political barriers to good identity management’ project is taking a fresh approach to these problems and we’re scoping all the issues, looking out for examples of good practice, and building on the identity management toolkit that shares what we discover. We want to set up a template that groups which are responsible for negotiating licences can use to make it explicit to all parties precisely what resources have been subscribed to, and who must be able to access them. If we can create a workable scheme like this, it should be possible to get publishers and the suppliers of other services to adopt it, because it would have obvious benefits for them, too. The trick is to have an agreed set of group types so that all stakeholders are working with consistent standards for identification.
To make this work, we have to take action right across our institutions. At the governance level, the project team is working on strategies to get the right groups working together efficiently, and at management level, we’re drilling down into the detail of how such a scheme could be put together, how the licensing can work and how we can take all the stakeholders along with our vision. For users, we’re exploring how students, researchers and teachers discover what resources are available for them, how they get access to it, and how we might help them find practical solutions.
If you’d like to explore co-design further, or find out more about the various projects, we’d like to hear from you. The main project contact is Chris Brown at Jisc and you can get in touch by email: firstname.lastname@example.org) or on Twitter @chriscb.