JISC: Extending Access Management into Business & Community Engagement

Scoping Study24th November 2009

Helen Baird, Managing Consultant, Oakleigh Consulting LtdTel: 07930 929031 / 020 7380 1006 helenbaird@oakleigh.co.uk

Benefits for BCE users of having access to institutional resources – & to economy/society

Requirement for secure, controlled access for targeted groups to certain institutional resources

Identity & access management can enable access for non-traditional user groups

Rationale for study

Assess case for extending identity & access management approaches into BCE

Make recommendations to JISC to inform next steps in this area

Aims

Extensive desk based review

Consultation with sector bodies, HE & FE institutions, users, JISC staff & contractors

Survey of relevant organisations in 8 countries

Approach

No standardisation in how BCE users obtain access rights, or how arranged / administered

Most institutions find ways round rules to grant access – reactive on a case by case basis

Lots of IAM developments across sector, but focus on internal users’ access to, some internal, but mainly externally provided resources

Key findings – current practice

External – e.g. from SMEs, tenants, collaborative research & learning delivery partners, employers, distance & work-based learners, alumni

Internal – IT & library staff want to deal with access for non-traditional groups in systematised way

Future demand – range of factors will influence e.g. open access agenda, demographics, technological, government ID management initiatives

Key findings – demand

Staff & external users unaware/unclear what resources external groups can access – & how to achieve this

Awareness of IAM & benefits is low – language of IAM a barrier in itself

Cultural & organisational barriers in institutions; not technological

Constraints of licensing for third party resources – requirement is for ad hoc, remote access

Issues & barriers

Possible basis for solution – though changes required if use UK AM Federation

Not yet possible for external BCE users to engage as can’t become members

Plus institutions not yet acting as service providers

Policy change required & need a ‘home’ or ‘virtual’ organisation

Federated access management

Institutional – making improvements at individual institution level, e.g. external access policy, more strategic approach to IM

Cross-institutional – regional or subject web portals/networks to facilitate access to resources

‘Ideal solution’ – web interface / portal for targeted groups to access all institutional & third party resources in controlled way

Other possible solutions

Business & community groups would benefit from access to institutional knowledge assets

Extending IAM into BCE not considered high priority for institutions

Study suggests BCE users require clarity on what resources are available to them – & a simple, standardised way of accessing these

Conclusions

With partners decide on vision & strategy for extending IAM into BCE

Explore potential & options of using Federation for access for external users

Take more holistic approach & responsibility for IAM – & share good practice

Help facilitate institutions’ development of IAM solutions for external user groups

Recommendations for JISC