A Role for Libraries in Helping Users Manage Collaboration
Topics
• Several forms of identity and their use in collaboration
• The rise of federations and P2P
• The role of VO’s
• The rise of collaboration apps
• The plumbing of collaborative apps and the impacts
• Issues and opportunities (open discussion)
  • Consistency – of what and how
  • Privacy
  • Search
  • Metadata
Internet Identity - Federated
• Provides inter-enterprise (and intra-) IdM
• Can be bi-lateral but increasingly multi-lateral
• Use cases b2b, c2g, c2b
• In academic settings, privacy preserving capabilities and international use are helpful
• Often is role and entitlement oriented
• Two major flavors – SAML/Shibboleth, and MS WS-*; as theoretically interoperable as they need to be now…
Internet Identity – P2P
• Provides tokens for interpersonal trust
• Use cases include file and photo sharing, some encrypted email, etc.
• Limited role but large personal contexts
• Subtle but critical layers
  • Identity Selector, tokens, mobility, reputation systems, others
• Active space – CardSpace in MS Vista, Higgins and the Bandits, OpenID, etc.
Identity Integration goals
• Of federated and p2p identity
  • Many levels of integration
    • The tokens
    • The GUI
    • The privacy management paradigm
• Of identity and privilege management
  • Assignment and management of permissions to users by those with authority to grant such access
  • Addresses the static aspects of the authorization space, with audit, delegation, prerequisites, etc.
  • Permissions can be enterprise or virtual organization
The Rise of Federations
• Occurring in the R&E sector of many countries
• Typically used for content acquisition (scholarly and popular), service outsourcing (academic and administrative), shared network access, government applications, and now collaboration tools
• The largest, in the UK, has over five million users and will grow in scope to include all education, and now national health
• Peering among federations being worked on actively
Of federations and Virtual Organizations
• Federations provide general trust fabrics for use by many users accessing a variety of resources
• Specific collaborations among small subsets of users, typically around a science experiment or a research community, are VO’s.
• More than groups – delegation, audit
• More than general collaboration tools – domain science management
• “the second job”
• The intent is to leverage peered federations to support the identity management needs of virtual organizations
Peering
• Parameters:
  • LOA
  • Attribute mapping
  • Legal structures
  • Liability
  • Adjudication
  • Metadata
  • VO Support
  • Economics
  • Privacy
The rise of collaboration apps
• Aka web 2.0, social networking, etc.
• Asynchronous – wikis, flickr, webdav, etc.
• Synchronous – IM, audioconferencing, videoconferencing
• Flickr, del.icio.us, facebook, myspace, etc.
• All need some identity management and access controls…
Applied (Up) Middleware: Enterprise Edition
• Bringing identity and plumbing into apps
• Federated applications
  • Even that has a spectrum of implementation options (e.g. federated IM at the server and at the classic Shib user level)
  • Consistent privacy management
• Plumbed applications
  • Use of enterprise middleware services
  • May be enterprise or VO uses
Examples of plumbed collab apps
• Federated wikis
  • Identity based – spaces.internet2.edu
  • Attribute-based wikis – “members of the community” discussions
• Web-accessed shared file stores
• VO calendaring interacting with user’s enterprise calendar
• Real time tools
  • Federated IM – use your local login for external IM use
  • An IM channel for a VO
  • Audioconferencing over IP
  • Videoconferencing
More examples
• Lionshare
• Identity-federated repositories
• Enterprise del.icio.us
• CardSpace-enabled photo-sharing
• Second Life groups fed directly from class lists, using institutional log-ins
• Google Apps for education, federated
• Maybe inter-institutional workflow
The need for consistency
• There will be no uber-app
  • Too stifling of invention
  • Too confining of community of use
• Even the embedded tools should be exposed
  • The videoconferencing within the LMS
  • IRC chat rooms embedded within larger portals
• Users will want to combine identities and roles
• Implies need for some consistency in certain dimensions of app management
  • Identity/privilege management
  • Several critical other concerns
How Plumbed?
• The minimum is some type of federated identity (though perhaps not classic Shib) or use of a standard P2P
• Even better would be use of enterprise services for group and privilege management, workflow, diagnostics, etc.
Consistent dimensions of user experience
• Identity and Privacy
• Privilege Management
• DRM on a wide variety of digital objects, with rich controls
• Metadata tagging
• Search on metadata
• Network layer management issues
• Trust and reputation mechanisms
Possible roles for libraries
• Libraries helping users manage privacy
• Populating and controlling the collaboration gate
• Attribute Release Policies
• Assisting in metadata
• Tagging 101
• Building ontologies and controlled vocabularies
• Searching 101
• DRM management
Privacy
• There is a document within the UK Federation specifically on this issue: http://www.ukfederation.org.uk/library/uploads/Documents/recommendations-for-use-of-personal-data.pdf
• This document consists entirely of recommendations, and the guidelines it lays out do not have to be followed; the only requirement is that the 8 principles of the UK Data Protection Act (1998) are met.
The Eight Principles
1. Personal data shall be processed fairly and lawfully;
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
4. Personal data shall be accurate and, where necessary, kept up to date;
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes;
6. Personal data shall be processed in accordance with the rights of data subjects under this Act;
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
DRM
• There may be new opportunities for DRM
  • Federal interest
  • Corporate dissatisfaction with current approaches
  • Integration of digital objects into curriculum
  • Need for more sophisticated controls in wikis, etc.
Discussion Item #3
• Federated search meets federated identity
• Federated identity is oriented towards preservation of privacy
• Attributes are released parsimoniously
• Federated search wants to couple many resources into a single search mechanism
• What if the resources need different attributes?
• Is there a de facto standard set?
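The tension in this discussion item, worked through as an added example that is not part of the original slides: an identity provider releases attributes per resource, while a federated search fans one query out to several resources with different requirements. The resource names, the release policy and the requirement sets are constructed for illustration; the attribute names follow eduPerson conventions.

```python
# Constructed sample: attributes the identity provider holds for one user.
USER = {
    "eduPersonScopedAffiliation": "member@example.edu",
    "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms",
    "eduPersonPrincipalName": "jdoe@example.edu",
    "mail": "jdoe@example.edu",
}

# Hypothetical attribute release policy: what may go to each resource.
RELEASE_POLICY = {
    "journal-archive": {"eduPersonScopedAffiliation", "eduPersonEntitlement"},
    "image-library": {"eduPersonScopedAffiliation"},
    "vo-wiki": {"eduPersonScopedAffiliation", "eduPersonPrincipalName"},
}

# Hypothetical: attributes each resource requires before answering a search.
REQUIRED = {
    "journal-archive": {"eduPersonEntitlement"},
    "image-library": {"eduPersonScopedAffiliation"},
    "vo-wiki": {"eduPersonPrincipalName", "mail"},
}

def release_for(resource):
    """Parsimonious release: only attributes both required and permitted."""
    allowed = RELEASE_POLICY.get(resource, set())  # unknown resource: deny all
    wanted = REQUIRED[resource]
    return {a: USER[a] for a in sorted(wanted & allowed) if a in USER}

def plan_federated_search(resources):
    """Per-resource release plan for one fanned-out query."""
    plan = {}
    for r in resources:
        released = release_for(r)
        missing = sorted(REQUIRED[r] - set(released))
        plan[r] = {"released": released, "missing": missing,
                   "searchable": not missing}
    return plan

def overexposure_if_union(resources):
    """What each resource would see beyond its policy if the portal simply
    forwarded the union of all required attributes to every target."""
    union = set().union(*(REQUIRED[r] for r in resources))
    return {r: sorted(union - RELEASE_POLICY.get(r, set())) for r in resources}

if __name__ == "__main__":
    targets = ["journal-archive", "image-library", "vo-wiki"]
    for name, entry in plan_federated_search(targets).items():
        print(name, entry)
    print(overexposure_if_union(targets))
```

With this sample data the wiki drops out of the federated search because its policy withholds `mail`, while a single shared attribute set would hand every resource attributes its own policy does not permit.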
Collaboration Support
• Some info on members may want to be exposed, but with controls
• People picker
• VO stub-ins
• Roles
• Scoping the controls