Options for joining the UK Access Management Federation
In their recent briefing paper about third party providers of federated access management solutions (see also my previous blog entry on the same topic) the JISC present three options for participating in the federation, as follows:
- Become a full member of the UK federation, using open source software with in-house technical support
- Become a full member of the UK federation, using open source software with paid-for support
- Subscribe to an ‘outsourced Identity Provider’ to work through the UK federation on the institution’s behalf
It strikes me that this is a rather unsatisfactory list for two reasons...
Firstly, options 1 and 2 are prefixed with the phrase "Become a full member of the UK federation" whereas option 3 is not. Why? The implication seems clear enough... if you choose to outsource your identity provision then you are not a "full member" of the federation, whatever that means. This is an odd choice of wording, especially in a political and financial environment where institutions are generally being encouraged to consider shared service solutions as alternatives to doing everything in-house.
As I said in my previous blog entry, I am not particularly trying to promote outsourced solutions here - our's or anybody else's - institutions can make their own minds up about that. But I see no good reason to give the impression that those institutions that choose to outsource their identity provision to a third party are any less members of the federation than those that do everything in-house.
Secondly, the list mixes up 'technology provision' and 'support arrangements' in a rather unhelpful way. It would be more helpful to separate these, giving two lists as follows:
- In-house identity provision using open source software.
- In-house identity provision using commercially licensed software.
- Outsourced identity provision using an external service provider.
- In-house support
- External support
I appreciate that even these lists aren't perfect (we offer a partially outsourced identity provision option for example) and that a matrix of the two may not be fully populated (the combination of in-house support and outsourced identity provision doesn't sound likely for a start!). Despite that, it think it is a more accurate reflection of the options facing institutions than the three options currently presented by the JISC.