Steve Cawley and I attended a valuable “executive roundtable” bringing CIO’s and University Librarians together to discuss “identity.” As we discussed the challenges and successes of authentication and authorization in today’s academic environment, I began to wonder if we are not focussing a bit too close to home. I note that while libraries felt very secure in their database and searching expertise, tools like Google snuck up outside our borders and transformed user expectations of searching and research so that now we are strangers in our own territory. What will the identity landscape look like five and ten years from now. Will users have an expectation that they can carry an identity into our organization that was credentialed beyond our borders and control?
Some hint of that future may have appeared in the form of a discussion about e-portfolios and their impact on our data models. A move toward portfolios is a move toward users asserting control of their own data (a user as holding the copy of record of their transcript, for example). This turns on its head our current data model where institutions bear the responsibility for holding and managing the continuity of that sort of data. I wonder whether the solution to the buy-in problem for institutional repositories, for example, might be an individual repository model sewn together by metadata harvesting like OAI? Who will be the “portfolio banks” of the future who (for a small fee) manage the physical systems on which your e-portfolio resides and ensure that the policies and permissions you specify for your information are actually carried out when sharing your portfolio?
Some additional notes: Who assigns identities? Who decides their scope? Some discussion of OKI’s concept of “authN” (authentication) and “authZ” (authorization). The role of UIN (numbers) vs. NetID (typically names). Distinguishing between the deed of authentication and the trails and logs kept about that deed and subsequent actions (librarians are loath to keep any trail, but doing the deed might be fine). See SPEC Kits 277 and 278 from the ARL and “Mirage of Continuity” by Brian Hawkin. Credit Brad with the notion “sustainable economies in tension with the frontiers of innovation” (all you really have to do to make technology sustainable is stop changing) and Beth with “the economics of compromise” (the notion that organizations are much more willing to work with you after they have experienced a compromise and its costs than before). If setting up a portfolio banking business, what would be your “free as in beer” service lure and what would you charge for? Would password management be part of the package?