CSG Spring 2014 – Identity Workshop, continued

Harvard Catalyst and ORCID update

Catalyst – Profiles Research Networking Software – allows for network analysis and data visualization. Analyzes co-authoring patterns. 

Over 200 institutions have downloaded Profiles. Estimate that about 30 universities are using Profiles actively. Boston University is adding ORCID support.

Harvard Faculty Finder – doing deduplication with PubMed, Web of Science, DSpace, etc. 

Harvard adding ORCID to Peoplesoft to flow into directory

Steve Zoppe – TIER Objective

Primary objective to build upon community work that’s already been done. How to onboard services and providers? 

e.g. some providers use email address as primary identifier – annoying.

Putting together a sandbox, to show what works, and evolve over time: reference architecture and canonical implementation.

What’s the problem? To enable the community to consume and integrate with cloud services most efficiently. 

Most service providers are not clueful about identity and do not understand groups within or across enterprises.

The core needs are for AuthN and AuthZ for interrealm use. Lacking a common approach has led to a proliferation of approaches in the community – TIER is choosing a baseline of Shibboleth, Grouper, and CoManage.

Generalized design  – Facade design pattern. Give service providers a normalized end point. 

Will include lightweight workflow services.

Klara Jelinkova – TIER

InCommon is part of Internet2, as a wholly owned subsidiary. Most of the identity work has been done in Internet2. InCommon was spun off to be the trust framework for US R&E – not development efforts.

InCommon Steering – functions as a program subcommittee and external relations and governance. 

InCommon next steps: New clearer charter (wholly owned subsidiary of Internet2); New clearer bylaws (Internet2 runs InCommon; InCommon Steering is a Board that advises Internet2); Better/streamlined processes for day-to-day operations; Internet2 staff needs to run InCommon and get community feedback; Priority setting and communication: InCommon Steering program committee helps set priorities and advise on future plans; Work with Internet2/InCommon staff to fulfill FY14 objectives and set FY15 objectives.

TIER – was launched at recent Internet2 Global Summit. 

What is TIER – Trust and Identity in Education and Research.

Longstanding problem in separation of development efforts from mature, consumable services. 

Tier next steps: Set a TIER charter (governance structure, operating processes); Figure out a funding model for the items unfunded on operating lines. 

CSG Spring 2014- Identity Workshop: Ken Klingenstein

Federation today

Federated identity in private industry still tends to bilateral federation, but in government and R&E multilateral federation is becoming the norm.

US Government Efforts: FICAM (classic identity services for government; slowly growing); NSTIC (aimed at next-gen services, privacy, etc. Has distinct governance and pilot efforts. Created by President Obama in 2009. Scoping is a finesse: it affects government identity interactions and wants to influence the commercial marketplace, but big commercial providers are not showing up). Identity needs to be global, but that is difficult post-Snowden.

What’s not working: Populating, releasing, and using attributes (attribute-retentive institutions); Social identity providers’ rules of engagement are very tricky – e.g. Yahoo reassigning email addresses; International layers of rules (e.g. is IP address personally identifiable info?); New businesses without rules yet; The economics of higher LOA – benefit to SP, cost to IdP. If you offer MFA on your campus, everybody in the federation benefits.
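To make the email-as-primary-identifier complaint and the Yahoo reassignment problem concrete, here is an added example (not from the workshop) of a service provider keying accounts two ways. The `Assertion` fields, the entity ID and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assertion:
    issuer: str   # IdP entity ID (constructed value)
    subject: str  # opaque identifier the IdP never reassigns (assumed)
    email: str    # contact attribute; the provider may recycle it

class AccountStore:
    """Service-provider account table keyed by a caller-chosen function."""
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.accounts = {}
        self.next_id = 1

    def login(self, assertion):
        # First sight of a key creates an account; later logins reuse it.
        key = self.key_fn(assertion)
        if key not in self.accounts:
            self.accounts[key] = self.next_id
            self.next_id += 1
        return self.accounts[key]

def by_email(a):
    return a.email.strip().lower()

def by_issuer_subject(a):
    # Scope the subject to its issuer so two IdPs cannot collide.
    return (a.issuer, a.subject)

def demo():
    idp = "https://social-idp.example/"  # constructed
    original = Assertion(idp, "sub-1001", "pat@mail.example")
    # The mailbox is later recycled to a different person.
    recycled = Assertion(idp, "sub-2002", "pat@mail.example")
    # The original owner changes address but keeps the same subject.
    renamed = Assertion(idp, "sub-1001", "pat.new@mail.example")

    results = {}
    for name, fn in (("email", by_email),
                     ("issuer_subject", by_issuer_subject)):
        store = AccountStore(fn)
        first = store.login(original)
        results[name] = {
            "recycled_gets_original_account": store.login(recycled) == first,
            "renamed_keeps_account": store.login(renamed) == first,
        }
    return results

if __name__ == "__main__":
    print(demo())
```

Keyed by email, the new holder of a recycled mailbox lands in the previous owner's account and the legitimate owner loses theirs after a rename; keyed by issuer plus opaque subject, both cases resolve correctly.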

Future of trust

Metadata is growing rapidly and is increasingly dynamic. Metadata needs to cross federation boundaries and interoperate. A campus may want metadata from multiple aggregations. Interoperation includes the syntactic and semantic meanings of tags.

– We’re leaving /etc/hosts and heading towards DNS

The future of technical trust – approaches: Metadata registries (base-level open source software (PEER); what is the trust model that allows me to deposit metadata about a third party?); Metadata exchange protocols – MDX, moving through IETF standards processes; Several implementations exist for SAML and JSON metadata; Service instances that want to register and exchange metadata; developing a metadata aggregator for Shibboleth.

Policy – Implementing a trust for a COI requires addressing appropriate trust elements using two structures: trust marks and trust frameworks. Work is under way on an accessibility mark and a minor’s mark. Some marks may have a MUST/SHOULD/MAY format.

Now moving away from trust to the end user experience, provide privacy consent mechanisms.

Lifestyles of the Attribute Rich and Privacy Preserved (LARPP)

A tool for managing privacy attributes. Several CSG campuses are participating. The tool came out of the Swiss federation – over a third of the schools in Switzerland have adopted the tool. Work is going on to describe accessibility attributes that can help software adapt.

One interesting use case has to do with filtering out attributes released by social software (e.g. GMail). 

PrivacyLens – Open source privacy manager funded by NSTIC – available on GitHub.

Fulfilling the original federated vision

Scholarly Identity

CILogon – converts federated identity into grid credentials for national compute and data stores

ORCID, SciENcv, etc.

 Currently space is disjointed – Federated identity, ORCID, Institutional scholarly record systems, Publishers and scholarly societies, Agencies, and Grant management systems. All use separate IDs. 

SciENcv = Science Experts Network Curriculum Vitae; SciENcv working group – lots of federal agencies participating. Voluntary researcher profile system. How do we get institutional attributes into SciENcv? Each agency is doing things separately; they want to link using ORCID. Need lines and flows in this scholarly identity space. Need to find leverage points and make it sustainable. Constituencies and economic interests are not well aligned.

CSG Spring 2014 – Identity Landscape Workshop – Survey Results

Goals: Identify higher level trends; data for campus practitioners; Marketing/Education.

26 schools responded. Average 1.3 million entries in person registry, but goes up to 16 million max. Average of over 4 systems of record for people, one school has 15. 

Everybody has Web SSO, everybody runs central directory services, but very little deployment of course information there (at least with eduCourse schema). Only 50% have self-service group deployment. Lots of people looking towards messaging queues and ESB, but not widespread yet. 

Provisioning is all over the map – most do standard services (email, etc.) and Active Directory, but fewer do other things like provisioning of courses into the LMS, ERP training tracking, etc.

Everybody is a member of InCommon, but release of attributes is not consistent. 

Lots of people think they will be using social identities in the future. 

Most schools have MFA for sysadmins, but not yet for all employees to access sensitive information. 

CSG Winter 2014 Meeting – Enterprise Architecture & Review Boards, pt. 2

Governance Survey Results

Survey covered CSG and ITANA members.

Roughly 2/3 – 3/4 have some formal IT governance.

Prioritization of Investments – Academic (non-central) IT has less influence, while business owners have the most.

Central IT’s budgets are largely controlled by governance, as is administrative IT.

A large part of the demand comes from Central IT. 

Most of the focus of governance is on Strategic issues. 

More institutions have advisory governance than decision-making, but that’s more even in the CSG schools.

72% of CSG schools have architecture review, but only 53% have a formal board, with most of the boards being advisory in scope. The scope is mostly central and administrative IT. Most of the boards are made up of central and administrative IT. About half of the CSG schools have an Enterprise Architecture Practice. Most schools feel that their Architecture practices are quite immature. 

Architecture practices mostly report to the CIO and are funded by Central IT.

The #1 purpose of EA is to Align Business and IT Strategy and Vision. TOGAF and Gartner are the architectural standards being used. 

Notre Dame

Architecture Review Board meets twice a week. 

UC – Mojgan Amini 

Doing architecture for the UC system. 

There’s an IT Leadership Committee made up of CIOs and IT leaders. Set goals, strategies, and priorities at the system level. 

IT Architecture group – standing committee made up of IT Directors and architects. The Enterprise Architecture Artifact Framework was established to help deal with the system-wide complexity of UC common systems.

UC Office of the President CIO created a dedicated EA team. 

Approach: Define key roles; Define key components (create an EA body of knowledge and create reusable EA assets); EA Artifact Lifecycle (create a structure for EA artifact submission, review, and approval).

Enterprise Artifacts (similar to TOGAF or other frameworks) – include policies, principles, standards, etc. They’ve picked six artifacts to work on initially, centered on the work around getting a new HR system for the UCs. 


CSG Winter 2014 Meeting – Enterprise Architecture & Review Boards

The second workshop of the meeting, on the topic of Enterprise Architecture & Review Boards, is being coordinated by Jim Phelps, who is now at University of Washington.

EA and Governance

Perhaps the job of EA and Governance is to say “Wait, stop, listen” and then decide on action.

Shifting Focus of EA 

– Organizations were/are asking “What value is EA delivering to the business?” – Gartner finds 67% are starting, restarting, or renewing their EA efforts. Shift away from technical architecture management to aligning business and IT vision and strategies, delivering strategic business value, and enabling a major business transformation. That’s been the big shift in the last few years. Organizations are now building groups that have members from both business and technical organizations. This is hard – techs want to write code, business wants to buy apps. Who is ready to have the conversation? Top down doesn’t work well in higher ed – have to find the right level to connect with.

Jim shows an example of an ITANA matrix that plots business value and architectural value and University of Michigan’s IT Investment Board’s use of that matrix to compare projects.

Shift to strong business value delivery and away from technical stack complexity.

Governance – Gothic G, Large G, little g. People get lost looking for the instantiated Gothic G that can make people do things. The big formal G that lots of us are trying to establish with IT Service Management and IT governance. Little g – getting groups of the right people together to steer strategies – oftentimes this gets overlooked. 

IT Governance, PPM, and Enterprise Architecture – Sherif Nijim, Notre Dame

The first ever CSG rap presentation!

IT Governance @ UMN – Patton Fast, CTO

Not ready to talk about architecture yet, but ready to talk about awareness and alignment, which has helped build an IT governance strategy for the UMN system. 

Wanted: clearer governance and priority setting, balancing supply and demand side of IT, moving from “us vs. them” dialog to a “we” dialog across all of IT, reduce layers of IT management in central IT (went from 70 to 20 supervisors in OIT). Service owners are managing day-to-day activity (in five major lines of business, each overseen by a director), not managing staff.  Moved to service based budgeting. 

During spring, while budgeting is being done, all the CIOs across the system talk to the business owners to get input. That demand gets synthesized and then shared across all the stakeholders. Then that gets presented by executive oversight and operational excellence committees. Then the priorities and budgets get set by “the Budget 5”.

Kitty Bridges – NYU

Had an external review six years ago, which resulted in a recommendation that the University view IT as a strategic asset, not a cost center. Had a strategic task force five years ago which resulted in a recommendation for better IT governance. Have an effort focused on alignment. Not advisory groups, but community groups in which IT participates. Groups are led by the senior business person in each area, not IT. Teaching & Learning, Research, Community Life, Administration, IT Infrastructure. Teaching & Learning has been the most active so far. One of the subgroups has generated 53 enhancements for Sakai – free market research! There’s a CIO Council of all the school CIOs. There’s also an IT Architecture Review Board chaired by the Snr. Vice-Provost for Research – doesn’t meet regularly but has been used to make some key decisions. All this is overseen by an IT Strategy Council.

The groups decide what needs to be done in regular business, but requests for new funding go to the Strategy Council for prioritization. 

IT Governance – Erk Lundberg, University of Washington

Two years ago had a costing study done looking at central IT in first round and then distributed IT in second round. Roughly evenly distributed between central IT, distributed IT, and medical IT. Consultant recommended comprehensive IT governance with clear definition of roles and responsibilities, treating IT as a shared scarce resource. IT Strategy board (advisory to President & Provost), IT Service Investment Board (where money and priorities clash), IT Service Management Board (central IT makes up a third of that group). 

CSG Winter 2014 – Digital Campus: Building a Culture of Innovation at Georgetown

Lisa Davis, Georgetown: Building a Culture of Innovation 

Why Innovate?

Used Ideascale platform to gather ideas from students – ideas get discussed at senior administrative staff meetings. 

Held 1st Innovation Summit in April 2012. Bring students, staff, faculty, and alumni together to discuss ideas about technology from a campus perspective. 

Engaging Practice: Hackathon in fall of 2012. Presented ideas to Provost, CIO, COO, and a startup CEO. Grew into a group on campus called h.innovation to continue to drive the innovation concepts across campus. Came up with a framework for how to keep the cadence and energy going. Gather ideas, then hold FutureOf sessions, then to the Innovation summit, then it goes to problem definition and then to the hackathon. 

Storytelling Summit – Brought in people from corporations to talk about how they do storytelling in their companies. 

Georgetown Mobile – leveraged Kurogo platform to create an app. Just deployed a laundry alert app that notifies when clothes are done washing or drying. Also deployed EmergenSee app. Did a gamification app for new student orientation. 

Innovation Culture – students, faculty, staff working together then bringing in external partners.

Engaging Faculty – Started an initiative on technology enhanced learning, led from Provost’s office. Faculty submitted proposals for MOOC development. There were over 100 proposals submitted, and the Provost paid a lot of attention to making sure that the faculty was driving the discussion. 

All these efforts have helped change the perception on campus of what the IT organization can provide. 


CSG Winter 2014 – Media Amp

Tom Lewis – Washington

MediaAMP – Cloud services, infrastructure and tools for storing digital assets.

Problem: How can universities most effectively  collect, store, and deliver content?

MediaAMP allows clients to: Speed innovation; collaborate on a national or global scale; reduce operational costs; better serve organizational missions.

Very modular, can use as few or as many pieces as needed.  Provides HIPAA compliant services. 

Industry partners, Higher ed partners; Open standards & systems