This second meeting of the Taskforce was held on the 3rd February 2014 in London to update the Taskforce on progress of the Identity Management project and allow them the opportunity to provide feedback on the project’s outputs.
Whereas the first meeting of the Taskforce was a hands-on workshop where the objective was to look at issues, barriers and solutions, this meeting had two aims. The first was to report back to the Taskforce on progress on the various projects undertaken as part of the overall Identity Management project. The second objective was to get feedback from the Taskforce on progress, that the projects’ outputs matched the original requirements, as defined by the group, and to start to think about how we could build on this work in a second phase of the project.
The following notes summarise the presentations and discussions from the workshop.
Introduction – Mark Toole (Chair)
Mark Toole, as Chair of the Taskforce, described his identity management and library background and gave an overview of the project and its mission to look at the non-technical issues around identity management, especially the people and organisational issues. He also gave an overview of the new co-design process. The taskforce has the role to shape the programme and identify practical things we want to achieve. Identity Management is about allowing people to access resources. He stressed that we need practical solutions to social and people issues, rather than new technologies.
This objective came out of the first co-design meeting which led to this project being funded. As a key stakeholder in the co-design process, Mark is also a member of the Futures Forum and reported that there were positive messages from Jisc on the co-design process. In particular, this was the way Jisc would be running its innovation activities and was committed to continuing the Identity Management work, as well as other co-design projects. The afternoon’s session would allow the taskforce time to start thinking about what should be in the second phase of work for the project. For now we would look at the work that had been done and the outputs from the projects. As the project does not end until the end of February there is still work to be done and outputs to deliver.
Overview of IdM projects – Christopher Brown
(Slides)
As the title suggests this presentation gave an overview of all the projects that had been undertaken under the IdM Project, although leaving the externally run projects to the project managers’ presentations.
The presentation started with a reminder of the original requirement for the project, which was to “address the cultural, social and political barriers to good identity management within Higher Education.” This requirement had led to this the Identity Management project. The first objective for the project was to set up the Taskforce, made up of IT/library directors and other representatives from the community with an interest in IdM, and then get them to define the issues and barriers and, working with IdM experts, to formulate solutions. These solutions should map to the outputs of the various projects that form part of the IdM project. The AIM Strategy and Plan were mentioned as the work of this project feeds into these documents. It should be stressed that the work of this project and the Strategy are compatible. There is one AIM strategy and co-design is a way of gathering user requirements.
The original issues were grouped under the following headings:
| Governance / Strategy | Management and Admin | Users / User experience |
| Culture | Monitoring use | What is available to me? |
| Definitions | Account management | How do I get it? |
| Ownership of the problem | IT support | Where do I go for help? |
| Policies | Licences | Usability |
| Changing roles | ||
| Granularity | ||
| Cloud | ||
| Access to other systems | ||
| Virtual organisations |
From these issues the following projects were created and prioritised:
Highest priority
Project 1 – Governance/Definitions
->Project 6 – Licensing (requires outputs from Project 1)
Project 8 – Usability
Project 5 – Usage monitoring
Project 3 – Toolkit (target audience)
Project 4 – Map to IdM Resources
Project 7 – User centric identities
Project 2 – Account Management
Lowest priority
The last two on this list were eliminated to concentrate on the other projects. Projects 1 and 3 were joined together and a consultant was funded to deliver this work. Project 5 also required funding of a consultant. This left Project 5 – Usage Monitoring and Project 4 – Map to IdM Resources left to be covered in this talk. Both projects involved Jisc Communications team and Infonet to help produce the outputs.
For Usage Monitoring the outputs will be:
- A blog post focusing on usage statistics and monitoring and associated projects
- Project outputs coordinated and publicised by Comms
- Raptor and LAMP demos at DigiFest14
For the Mapping to IdM Resources the outputs are:
- An identity ‘Hub’ (new topic focussed website with collated Jisc AIM resources). Outputs from the IdM co-design projects will be incorporated here. A beta version of the site is available at http://www.jiscinfonet.ac.uk/topics/access-identity-management/
Other outputs related to this project will involve updates to the Jisc website and a new guide:
- UK Federation and Shibboleth Consortium information updated on the Jisc website.
- Updated Identity Management Quick Guide – http://www.jisc.ac.uk/guides/identity-management.
- Additional longer guide to complement and contextualise (not duplicate) the Infonet work, the co-design IdM work and the Janet AIM strategy and plan.
Feedback was generally positive, although the point was made that many of these outputs are to be delivered by the end of February and that we are already in February.
Definitions/Governance and Toolkit projects update – John Paschoud
(Slides)
As project manager for the two combined projects John gave a presentation on the progress so far as well as getting the delegates to provide feedback and opinions on some of the projects’ conclusions. The scope of the work was, within a HE institution, to:
- Identify responsibilities and ownership of IdM
- Define generic user categories/groups for IdM (AIdM)
- Identify relationships of IdM with specific typical IM systems
- Briefings/engagement for key IdM owners
Although it is easy to talk about IdM to people in the room, it’s not the case for the people we want to get to. Part of the work involves site visits to institutions and so far they have visited Cardiff with plans to visit Sheffield/Coventry, although it has proved difficult to round up the right people and facilitate discussions with them. The point was made that perhaps you can’t engage with these people as it’s at an organisational level and that you can’t deal with this as a quick win in the timescales. Also, calling this identity management is misleading as the project is about improving access to resources.
Responsibilities and ownership
The project has identified approximately four roles at operational head level and the same number above them (governance lead or sponsor):
| Operational Head | Governance Lead / Sponsor |
| HR Director | PVC Staff |
| Dir of Student Services / Academic Registrar | PVC Research |
| Dir of Research/Commercial/ Business | PVC Research |
| Dir of Resources (IT, Library, Estates, Finance) | CEO / COO / Secretary (/ CIO?) |
The focus should be on the first 3 – HR Director, Dir of Student Services/Academic Registrar, Dir of Research/Commercial/Business, but we should target governance leads as the information then filters down to the operational heads. The Chief Information Officer role has a question mark as institutions don’t seem to have a CIO anymore.
Generic IdM user categories / groups
Looking at categories at a macro level there are really just three – Students, Staff and Others, with various sub-categories below these. There followed a general discussion on where people fit under these categories and a range of questions were raised. This included whether eduroam should be under “Others” as it is a service offered. Each of the roles has a start and end time and people may have more than one role. Should alumni be in “Other” rather than “Student”? Would there be an issue when visiting a campus abroad and trying to get access to your home institution? Some of the group believed that creating sub-categories is dangerous, but the majority disagreed.
The roles need to be defined as it is all about who has access to electronic resources, for example the finance system. There was some disagreement about whether this meant access to library resources or all e-resources. Some think it’s just the library, but others believe that it needs to cover much wider IdM issues.
John’s conclusion was that we can have default roles but it needs to cover more than just access to library resources, such as the resource management of the finance system, for example.
Relationships between IdM and specific IM systems
At the project’s workshop held in December 2013 there were no clear conclusions reached on this. This item was discussed at the end of the session when John asked what other approaches (other than technical) to this does the Taskforce think will be productive? There is information on this already in the Toolkit, so it will be checked to see if it is still up to date or requires updating. A link to this information with an explanation was seen as the solution to dealing with this item.
Target briefings for key IdM owners
This was originally defined as a separate project to update the IdM Toolkit so that relevant sections could be targeted to particular key groups. As mentioned above, this work was merged together with the Definitions/Governance work as they are closely related.
The main target groups should be staff, students and research/business. To target these groups, two-sided A4 flyers and a single-page web with links to the Toolkit will be produced. Each will direct the groups to the most relevant information on the Toolkit with summary information. John asked if these were the three best targets. There was a general consensus about the groups but funding/research councils should also be targeted as there is an assumption that they understand IdM but they don’t. These briefings should be endorsed by more than just Jisc, SCONUL and UCISA but the very research councils being targeted. It should also target AMOSSHE and a similar HR group. We need channels into HR and MIS as have always had channels to libraries and IT. Funding councils must be convinced so there is a requirement to talk to them and other groups too – groups who work across institutions.
John listed a potential fourth target – Resources/Services. The group agreed that this should be included as it’s targeting the whole institution. Also, they are the data owners for academic systems. There was still some concern that, even if you identify these targets, you have to get them to the correct individuals and they might be just passed down to the usual people who have to deal with these issues.
There should be some thought to the student’s journey through the institution. Are we dealing with students leaving institutions? What about staff? Are we are engaging with the right groups/people? Some think we shouldn’t be targeting individuals as it’s a university problem. However, others say we should. This was raised at the first workshop as IdM stuff always goes to the same people. The consensus was that we do need to target individuals and explain that it’s an institutional issue?
Usability project update – Stuart Church
(Slides)
Stuart gave the background to the project (which is basically looking at the range of problems students encounter accessing resources), before providing information on the site visits and interim results from the usability survey. The link to the survey is https://www.surveymonkey.com/s/YJ9G2QR and this has been disseminated via various mailing lists and social media. It was still live at the time of the workshop and would be for a couple more weeks, so the final survey results will be produced at the end of the project.
So far there have been over 350 survey respondents (mainly from Cardiff and Newcastle), 13 interviews with information gatekeepers and 28 with undergraduate and taught postgraduate students.
Stuart presented the interim survey results in various bar charts. There is a broad spread of respondents to the survey but they are mostly undergraduates. With frequency of access, undergraduates have a burst of access whereas researchers access more frequently, which is as expected. Users have different journeys accessing resources so it is interesting to look at where people start on this journey. Students tend to start in the institution’s library. As they progress through courses they start to go straight to resources and by-pass the library offer. There’s an increasing use of Google to get a wider breadth of knowledge on a subject. Some students develop “search rituals” to minimise potential problems, e.g. they log in on their browser then access resources through new tabs. They become more sophisticated users of the system. Searching varies between under/post graduates. Undergrads tend to re-find information. Location showed the biggest contrast as most undergraduates access from home, whereas postgraduates/researchers from their office. The most used devices are laptops, while mobile use is less than 10%, but inevitably increasing. Users currently see mobile devices as limited.
Both groups encountered significant problems accessing resources, but this area requires further investigation of the data. Issues are mainly around log in information. They tend to get problems if they go to the publisher website but not the portal and it should be like that. It’s hard to predict as sometimes users are logged in and have to re-log in, sometimes not. It’s useful to split between institutional and publisher issues. Some Jisc have influence over, but publishers do things in a variety of ways. There are issues around downloading resources and users can get stuck in a loop going between sites. Students expect access to a resource by default and problems arise when they can’t. Open access journals change people’s perceptions.
There is limited functionality available on mobiles and students tend not to like accessing/reading books online. Their preference is for physical books not e-books. For an overall rating of experience of accessing journals online, it’s generally rated good and this was similar for undergraduates and postgraduates/researchers.
These are only the interim results and the survey will run for a couple more weeks when the final report will be written up.
Stuart posed a number of questions for the taskforce and requested help to get a more representative sample. Are there any smaller institutions that could be targeted? The survey will be sent out on the UCISA and SCONUL lists. Concern was expressed about the collection of personal data but the survey is anonymous. The output from the project will be in a format that’s most useful and actionable, but what should it be? It will include the user’s journey, as described above, in a visual way so users can select the relevant issues and results. Is it the format or the audience that’s important? The audience is crucial and the outputs should be aimed at publishers. It’s a difficult message to tell them they are doing something wrong. There needs to be examples of good sites.
REFEDS have a mock website showing good and bad practice. Similar work on this has been done before at Jisc so we need to pick out the AIM issues from this work.
The point was made that the work at some institutions on mobile devices has treated them as consumption devices rather than for discovery.
Stuart confirmed that the survey results match his observations of students during site visits. There have been similar issues across all three institutions investigated.
Summary and Next Steps
(Slides)
The final session of the day focussed on the following topics:
- Feedback from the group on the projects
- How best to communicate the outputs of the project.
- Think about Phase 2 of the IdM project
- Discuss membership of Taskforce
Feedback from the group on the projects
The session started with a five minute group discussion looking at whether the project had addressed the original problem? The feedback was that the group is missing publishers especially as ~60% of usability issues are in the publisher domain. The projects needed more time but were limited by the time limits of the co-design pilot.
The main issue raised was that the project should be about access to all services and not libraries only. Much of the work undertaken by this project, in particular the Definitions/Governance and Comms-related work, has had a wider perspective than just library systems. The second phase of the project will continue to have this wider scope and the next workshop, where the group will look at what further work is required, will clearly define the scope and requirements for future work.
A number of questions were then asked of the group:
What has the project fully achieved?
It was felt that this was an unfair question as the projects had not yet completed. The problems that need to be addressed are multi-faceted. Identifying this is a quick win. There is a need to go to national organisations. Mark Toole stressed that it’s a major achievement talking about non-technical issues in this environment. The IdM hub was seen as a good idea. There is a lot of information out there already so bringing it all together is a good thing. This has only been partly achieved as it is yet to be disseminated to the community. The usability study looks like it will achieve what the group wanted it to.
What has the project partly achieved?
Some of the issues at the first workshop boiled down to two things: what’s a student? What’s a member of staff? This is key work and has been partly achieved by the governance project. Feedback on the existing IdM Quick Guide is that it is possibly “too quick” as it doesn’t really say anything and is very bland. The new guides should tell people what they need to do. The wider taskforce needs to answer this question and has to get into the governance of an institution.
What hasn’t been achieved by the project?
It has achieved the realisation that there is a need to get to the top level people downwards. This requires building the relationship between Jisc and those organisations. This needs to be passed upwards within Jisc.
Need to assess risks but make sure they are real risks not made up ones. We should talk about threats and opportunities rather than risks. With commercial partnerships overseas there are new and increased risks and opportunities.
The IdM Toolkit won’t be read unless there are summaries for those levels underneath HR director, for example. These should point people to the relevant parts of the Toolkit. The Toolkit was designed to be exactly that, a toolkit, but you have to know the tool you need. It should include brief case studies highlighting best practice within other institutions. The trouble with case studies is they take too long to set up. The definitions/governance project has done one and it’s been far more difficult getting the right people involved.
Again the IdM Hub is seen as a good place to point groups to and get them engaged. It’s probably unreasonable to expect a HR director to engage with the group until we have something to show them. Do need a HR person in the group as no idea how to flag this work to HR. In one way the project has failed as we still have the usual suspects in the taskforce.
The project has not dealt with people who move across groups from students to staff to others.
The Licensing work has not started as it awaits an output from the definitions/governance project. It should get Jisc Collections to work with publishers to define model licences at a national level. All institutions are doing work on own licence. Need one licence all can use and put in KB+.
How best to communicate the outputs of the project.
This part of the session included questions asked by Jisc Comms about how the outputs could be best communicated at the type of target audience.
The feedback was that Jisc needs to engage with national bodies. The project needs to report back to the co-design group not Comms and it is that group that should decide how to contact these national groups. The outputs cut across a number of Jisc activities and there is a need for this work to be joined up.
Taskforce members need to promote the project wider, not just within institutions but to groups. We should keep the focus on access and people – “who” can access “what” for their daily routine. This should be kept at the front of our minds. We need to engage with the community through “access” not “IdM” and there is still a struggle with what to call it. The language we use should depend on our target audience. This is something for Jisc to think about for other areas and not just AIM.
Think about Phase 2 of the IdM project
There wasn’t time in this meeting to plan phase 2 in detail, but this part of the session allowed the group to at least think about what might be in phase 2. There will be a workshop on 8 April to fully scope the requirements of future work.
There should be further case studies and we need to find some way to support a slower way of working with institutions and their timetable. It’s more valuable than doing it in a rush. There is a requirement for somebody to set up a forum that is more than discussion and talking shop, but institutions can identify where they are on a maturity model and identify what needs to be done. There needs to be engagement with people to see if they are interested in doing this. We shouldn’t underestimate the lack of awareness with most of their colleagues.
There needs to be more engagement with other institutions that are not represented in this group. We shouldn’t assume that IdM is always first on their list.
If someone responds to a guide and contacts Jisc for help then Jisc should be able to offer help rather than say it’s not in the funding timeframe. The UK federation helpdesk will deal with anything technical. Jisc needs to find a way of providing ongoing support when people engage with the information/guidance we provide now. This is the best way to get case studies as we can document their experience. We have identified categories, so we need to identify issues for each category and how they’ve been solved within an institution. Then have case studies based around these categories rather than the institution. This would be a good way of testing these types of categories. Every institution does IdM but not necessarily done well. There was a reminder that there is already the resource “Access Unlimited, Access Protected”, which includes a video from a HR director.
The scope needs to be clarified for Phase 2. It could include a strand of work on what to do collectively as a community.
Discuss membership of Taskforce
The meeting ended with a brief discussion on Taskforce membership. Everyone present was happy to continue being members of the Taskforce. SCONUL and UCISA originally raised IdM as an issue as part of the co-design pilot. They should continue to be involved. It also requires AMOSSHE and national bodies – funding/research councils. Currently there is an over representation of IT and libraries. Should include smaller institutions, a selection of Jisc banding and categorise institutions as to what role they play. It should remain HE first, but if FE is to be included then that should be in a different group.
