IWMW 2007 in York - OpenID and all that
Richard Dunning and I ran a parallel session at the Institutional Web Managers Workshop in York earlier this week entitled Athens, Shibboleth, the UK Access Management Federation, OpenID, CardSpace and all that - Single sign-on for your Web site. We'd co-opted a panel consisting of Andrew Cormack from JANET(UK) and Scott Wilson from CETIS.
I spoke first, trying to summarise the key words and phrases in the title of the session. I'm not totally convinced that I did a good job – in part I blame tiredness, following a 7 hour journey up from Bath to York the day before arriving in a heavy rainstorm just in time to miss out on going to the pub :-(. Sorry... a pretty pathetic excuse I know. I find identity management a particularly hard area to talk about coherently for some reason. My slides are up on Slideshare. Luckily, Richard, Andrew and Scott jumped in at regular intervals to mop up the issues.
During the session I mentioned that there still seems to be a lot of confusion around the changing access and identity management landscape – particularly in terms of what institutions need to do to move to Shibboleth and what impact that has (or not) on what they are doing internally with single sign-on.
What did we achieve? In part I was looking for recommendations for what could/should be done next. TechWatch offered to commission a study of technologies in this area – which seemed to be welcomed – though I have a slight concern that such studies tend to disappear without trace if we aren't careful. Beyond that there didn't seem to be many suggestions being made. For info, I am currently wondering about holding an autumn meeting looking in more detail at OpenID and CardSpace. Watch this space!
On the way down to the station, Andrew suggested one conclusion – that no-one in an institution should ever again invent an ad hoc sign-on mechanism for anything they do on their Web site. Identity management and single sign-on are of strategic importance to institutions and need to be addressed as such, with joined-up thinking and institution-wide solutions and approaches. The JISC Access and Identity Management Roadmap is a pretty good place to start, though it doesn't include any discussion around the impact of OpenID and CardSpace.
There was some interesting discussion about the issues around users having multiple online identities. While I accept this as pretty much inevitable for all sorts of reasons I still don't accept that we should enforce multiple identities (as we do now) just because people move between educational institutions and/or sectors. Others weren't convinced by this. I don't doubt that there is much more debate to be had in this and other areas around identity management.
Unfortunately, I could only stay at the event for the first day. It was worthwhile though – even for a short stay. There were two really interesting talks before lunch... the first by Steve Warburton, who talked about community, and in particular what 'communities of practice' means in the context of elearning. The second by Alison Wildish, who talked about her experiences of letting the students do the talking (using Web 2.0 services of course) at Edge Hill University. This second talk in particular was inspirational, a great example of putting into practice what many of us only talk about doing.
Presentations later in the workshop included Jeff Barr from Amazon talking about Amazon Web Services, Drew McLellan from Yahoo on micro-formats, Peter Reader from the University of Bath on customers, community and communication, and many others. Streamed video for most of the plenary talks is available.
[Image: Steve Warburton and Brian Kelly taking questions from the audience during the first session at IWMW 2007.]