EDUCAUSE | Contributed by Organizations or Campuses; Articles, Papers, and Reports; and Authorization

The hidden challenges of federated identity

drupal — Thu, 30 Mar 2006 11:14:10 -0600

Federation is the logical goal of identity infrastructures, but achieving it takes more than just technology. For years, companies have kept stores of identity information about employees, customers, and partners. These databases and directories are critical components of a company's identity infrastructure. But as businesses push to create new products and increase productivity, they have discovered that they often must cooperate to provide the services their customers and employees demand.

Schooled in Security

drupal — Thu, 18 Aug 2005 10:24:22 -0500

"For universities, network security is a tricky balancing act."

Hacker Helps Business School Applicants get Early Decision

drupal — Mon, 07 Mar 2005 11:29:06 -0600

A hacker who was able to access admissions records for dozens of business schools posted instructions online for how applicants could access those records. Among the universities whose records were exposed were Harvard University, Stanford University, Duke University, Carnegie Mellon University, and Dartmouth College. All of the affected schools use an online application and notification system called ApplyYourself.The vulnerability that allowed the unauthorized access has been fixed, but during the nine hours in which the systems were exposed, several hundred students attempted to find out if they had been accepted to schools to which they applied. Final decisions and notifications of acceptance are not expected for several more weeks. School officials have been able to identify at least some of the applicants who gained access to the records systems, and officials from some schools said such activity would factor into the admission decision. Steve Nelson of Harvard's MBA program said, "Hacking into a system in this manner is unethical and also contrary to the behavior we expect of leaders we aspire to develop." Even if a student saw a decision, said Nelson, that decision isn't final until March 30.

Personalisation in Presentation Services

drupal — Tue, 27 Jul 2004 10:23:34 -0500

The activities conducted during this study, commissioned by the UK Joint Information Systems Committee (JISC), included a literature review, interviews, three regional workshops and an email questionnaire which received responses from several European countries, Australia and the USA.

The report concludes that personalisation is effective and feasible in situations where data is controlled and where there is a clear rationale or business case. It identifies several impediments to using personalisation with uncontrolled data, including immature technology and lack of metadata.

Personalisation is no substitute for user requirements analysis and user-centred design. In the right circumstances, personalisation can improve efficiency, reveal inadequacies in business processes and allow services and learning materials to be effectively targeted. Accessibility to users of all abilities may be improved by offering options such as switching off graphics, or changing font-sizes or background colours - all Web sites should consider this. True personalisation is more than allowing users to "re-skin" the interface or change the position of screen elements.

The report identifies a number of areas where interesting and rewarding work might be done. It does not recommend setting up national services for personalisation or user profiles and it discourages the development of national standards in an area where international de facto standards are still developing.

It recommends:
*small pieces of work looking at user requirements and exploring innovative and tightly defined uses of personalisation approaches
*work on sharing user profiles between services, diverse organisations and institutions
*looking at the use of different profiles for an individual user in different roles or different areas of life (work, home, sport, leisure etc)
*institutions use the push for personalisation to ensure that their core data and processes are reliable and efficient, and where they are not to transform them
*the use of a common vocabulary for describing personalisation work in the UK academic community
*the use of consistent standards throughout the community for the use and production of RSS (newsfeeds)
*some research should be done into the uses of customisation and personalisation to extend access to disabled users
*every effort should be made to capitalise on JISC's substantial investment in services and resources. Users may want to use resources through personalised institutional portals or through personalised subject based services. Re-use and multiple use of records and resources available to the UK academic community should be encouraged. To provide personalised services, institutions and subject based services must easily be able to access and share resources. The authors are doubtful of the value of promotion to end users of arcane and hard to comprehend brands such as the RDN (Resource Discovery Network). Promotional activity would be better focussed at service providers, whether institutional or subject-based, encouraging them to use the indisputably valuable resources that comprise the RDN. This applies to JISC services in general. While a multiplicity of interfaces is inevitable and desirable for progress, competition between government funded services for end-user "hits" which leads to restrictive practices and discourages sharing is undesirable. Assessment measures and performance indicators which encourage such restrictive practices should be removed or reformed

Enabling Access in Digital Libraries: A Report on a Workshop on Access Management

drupal — Thu, 23 Sep 1999 16:48:38 -0500

The workshop described in this report focused on the management of access to published information resources through research libraries. Topics discussed include privacy, protection of rights, authorization, and authentication.Among the groups seeking to meet the challenge of access management are the Digital Library Federation (DLF), which consists of major research libraries and archives in the United States, the Center for Research on Information Access (CRIA) at Columbia University, and the Information and Intelligent Systems Division of the Computers, Information Sciences and Engineering Directorate of the National Science Foundation (NSF). On April 6, 1998, they brought together expert practitioners and researchers from several disciplines at a workshop, held at the Brookings Institution in Washington, D.C., to explore some of the more pressing questions for research libraries.