Let me tell you a Shibboleth

At the moment, the majority of the global higher education sector and supporting cast, e.g. academic publishers and database brokers/owners, still seem keen to ring fence what they perceive to be their prime assets or 'crown jewels', e.g. books, journals, data, VLE 'courses' etc … let's call these resources. But we live in a world of distributed digital resources and increasingly 'open' systems and so the idea that any one institution or one repository can possibly meet all needs is distinctly past its sell-by-date. So what are some of the resource access options for HEIs wanting to dip their toe in this potentially stormy water? To start the ball rolling we could fling a conceptual grenade (and then duck) by suggesting that our institution's content is not the crown jewels at all. Students come to institution x for a variety of reasons, but you're unlikely to hear them declare that it's the wonderfulness of the content that brought them there. Why? Is it because they usually never get to see the module/programme content until they've actually signed up?

Of course, nowadays, online learning tools and environments do offer the opportunity for 'tasters'; but do make sure that your tasters are really representative of what they can expect throughout their time with you and not just marketing 'specials' or you have just provided a complainant with the evidence they require to prove your marketing wasn't matched by the reality.

Anyway, back to the conceptual grenade and crown jewels.

To defend yourself against the response to your attack upon the perceived 'crown jewels' it will become necessary for you to assert that the jewels are actually something much less tangible. The jewels which attracted the students include the institution's perceived status in the global and national marketplace. The perception can be based on a multiplicity of criteria with surveys by the national press in the UK playing a significant part. Such surveys inevitably focus on the facilities, support infrastructure, attrition, employment in the area of study post graduation, research rating etc. So the irony here is, if you're feeling really radical, you could boost your crown jeweldom by persuading your institution that it could adopt an open/public access policy and make all its content available because students come to the institution for the real crown jewels, i.e. the process, the interaction - with leaders/experts in a field and other students and above all the official document at the end which proves, yes, they were 'there'.

Those institutions which adopted a full or partial open resources policy, e.g. MIT, Utah State University, and in the UK the University of Southampton, don't seem to have suffered unduly and, if anything, have gained considerably from their decision.

But the HE community is pretty conservative and such open access policies would be a step too far for many. So for those HEIs perhaps willing to share, but not with everyone, we enter the world of collaborating/cooperating consortia or federations, trust relationships, and access management.

Those wishing to go down this road need to ponder questions like:

How can institution A and publisher B and institution C and database broker D and institution E enable particular users who meet particular criteria to have access to resources which may be sited at any one of the co-operating entities? Of course, we could irritate the hell out of users (as we do) by requiring an individual registration and login for each resource request. Or … enter stage left … there's middleware.

Working quietly and perhaps out of the spotlight of the glamour tools are the middleware projects which are part of the JISC Core Middleware Programmes. For example there's Guanxi and KC-Rolo which both use Shibboleth.

Def 1: Shibboleth - Old fashioned doctrine or formula of party etc., catchword; word or custom etc. regarded as revealing person's orthodoxy. (Little Oxford Dictionary of Current English 6th Edition)

Def 2: Shibboleth - a custom, principle, or belief distinguishing a particular class or group of people. — ORIGIN originally in the sense a word or sound which a foreigner is unable to pronounce: from Hebrew, 'ear of corn' (according to the Book of Judges, chapter 12, the word was used as a test of nationality because of its difficult pronunciation). (Ask Oxford: Oxford Dictionaries)

At risk of being a gross simplification of a set of complex interactions and certainly some pretty tortuous jargon, e.g. Handle Service, Attribute Authority, WAYF, Shibboleth Handle Indexical Reference Establisher, Shibboleth Attribute Requester, as best I understand it, Shibboleth at heart is based on the premise that if I try to request a restricted resource from a particular resource 'container' the container will ask 'Where are You From?' (a WAYF) and as long as the WAYF response belongs to the federation or 'club' and that federation member institution can automatically confirm that the user who requested access to the resource is a user with the appropriate attributes, e.g. 'member of University x' or 'student-on-course xyz', then said user gets access to that resource and any other resource permitted within the federation. Shibboleth is a bit like the duck which moves serenely through the water, but is paddling furiously beneath the surface. Whilst the user may experience a single login to multiple federated resources there are a lot of interactions between, potentially distributed, systems taking place which are invisible to the user.

I attended a JISC eLearning Programme meeting in Birmingham (UK) recently (5 and 6 April 2005) where there were Shibboleth presentations and demonstrations. Guanxi and KC-Rolo provided interesting examples of working implementations. But before I proceed I need to add a new word to the lexicon of tortuous but memorable terminology and that is to 'Shib' or be 'Shibbed', i.e. to adapt an existing resource container so that it can participate in Shibboleth interactions.

Guanxi has 'Shibbed' the open source Bodington learning environment/LMS and KC-Rolo has done the same to the open source Moodle VLE.

So what! you may say … what's the added value?

Well it appears to mean that if a student at institution A wants access to a Moodle course at institution B and as long as A and B are in the same Shibboleth federation the student's request for access should be granted without him/her having to have an account at B because B automatically requests A to authenticate/authorise the student. Such Shibboleth federation agreements are trust-based and assume that the user information directory/database systems in A are reliable and valid.

And that's the key issue.

Participating institutions in a Shibboleth federation need quality user information with attributes, e.g. yes … we have a Derek Morrison and he is a 'member-of-staff' or he is a 'student-on-module xyz', or whatever the required attributes are. So, if I understand things correctly, it seems that the first stage in an institution's 'Shibbing' process is a review and enhancement of its user information base, whether that be database or directory based.
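The dependence on the home institution's user information can be made concrete with a small model. This is an added example, not code from Shibboleth, Guanxi or KC-Rolo: the class names, entity URLs, usernames and the `student-on-module-xyz` attribute string are all constructed, and real Shibboleth exchanges signed messages rather than making in-process calls.

```python
# Conceptual model only: hypothetical names, not Shibboleth's real messages or API.
import secrets

class HomeInstitution:
    """Authenticates its own users and releases attributes against an opaque handle."""
    def __init__(self, entity_id, directory):
        self.entity_id = entity_id
        self.directory = directory   # username -> attributes (the 'user information base')
        self._handles = {}           # opaque handle -> username; the username never leaves here

    def login(self, username):
        handle = secrets.token_hex(8)
        self._handles[handle] = username
        return handle

    def attributes_for(self, handle):
        user = self._handles.get(handle)
        return set(self.directory.get(user, ()))

class Resource:
    """Resource container: trusts federation members and decides on attributes alone."""
    def __init__(self, required, federation):
        self.required = required
        self.federation = federation  # entity_id -> HomeInstitution (stands in for network calls)

    def request(self, wayf_answer, handle):
        home = self.federation.get(wayf_answer)
        if home is None:
            return "denied: home institution not in federation"
        if self.required not in home.attributes_for(handle):
            return "denied: missing attribute " + self.required
        return "granted"

def demo():
    uni_a = HomeInstitution("https://idp.uni-a.example", {   # constructed sample directory
        "student1": {"student-on-module-xyz"},
        "dmorrison": {"member-of-staff"},
        "leaver": {"student-on-module-xyz"},   # has left, but the record was never cleaned up
    })
    other = HomeInstitution("https://idp.other.example", {"visitor": {"student-on-module-xyz"}})
    moodle_b = Resource("student-on-module-xyz", {uni_a.entity_id: uni_a})
    return [moodle_b.request(idp.entity_id, idp.login(user)) for idp, user in
            [(uni_a, "student1"), (uni_a, "dmorrison"), (other, "visitor"), (uni_a, "leaver")]]
```

The last case is the point: institution B has no way to see that the 'leaver' record at A is stale, so it grants access on A's word.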

It's rather ironic, however, that because the status and quality of user information bases is so variable, the best way to demonstrate the concept is to 'Shib' a couple of learning environments because they have embedded user information stores, i.e. Bodington and Moodle. Ideally, such user information should be outside of any specific environment but, nevertheless, this makes for the rather interesting scenario of the open source Bodington being used only for its authentication/authorisation contribution to a Shibboleth federation and therefore facilitating one-time logins to a range of other resources which could include Blackboard, WebCT, Moodle etc etc :) So if you want to experiment with Shibboleth then the Bodington environment appears to contain at least some of the bits you need.

Putting aside open access arguments, Shibboleth appears to be the type of technology which may help to spell the demise of the VLE as we currently know it. If, that is, as was being demonstrated at the JISC meeting, it becomes the norm for people to seamlessly access resources and services distributed across their federations as well as the wider internet.

But doesn't Athens do something like this? Yes it does, but Athens isn't an open system. Shibboleth claims to work co-operatively with Athens, however, which is probably in both parties' interests … at least in the short to medium term.

JISC Inform 9 (Spring 2005) contains a four page special on Shibboleth entitled 'Connecting People to Resources' (available in plain html or pretty pdf). The article certainly employs excellent graphic design to put over what can be a very complex topic. After reading this I was left wondering, since it was asserted that Shibboleth can guarantee that only eligible people get access to services and that it protects their personal identity, why it's not being employed as part of the new NHS Personal Electronic Health Records system (aka the NHS Care Records Service). If Shibboleth is good enough for Higher Education use surely there's some millions to be saved here? But a search for 'Shibboleth' on the National Programme for IT in the NHS site, which is hosted by the new government agency 'NHS Connecting for Health', proved futile. We should note, however, another JISC Middleware project called IMPETUS (Infrastructure for Multi-Professional Education and Training Using Shibboleth), a collaborative venture between the University Hospitals of Leicester, the University of Leicester, and De Montfort University but, as the project name suggests, there's no patient orientation here. So over to the JANeT NHS-HE Connectivity Project I went but, again, nothing about Shibboleth could I find there. So is Shibboleth's absence from this context due to lack of joined up thinking or is it simply not suitable?

On 13 April 2005 JISC announced the adoption of Shibboleth as the solution for access management for the communities they serve.

Despite the JISC decision there are other open source solutions out there which certainly don't have the sophistication/complexity of Shibboleth but which I include for the record. There's the distributed identity system OpenID (formerly Yadis) or TypeKey (centralized registry maintained by Six Apart). Of course there's always Microsoft's Passport which, like TypeKey, has a centralized registry, but it would be too much to consider trusting access management to any proprietary system/infrastructure over which the community has little or no control … wouldn't it?

In conclusion, I've presented two contrasting approaches here. Approach one is to open up and stop thinking of the resources your institution creates as 'crown jewels'. Instead think of this as an opportunity to give back what the taxpayer has usually paid for. Approach two was to adopt an access management solution which controls who can get access to the perceived jewels but which also allows a degree of sharing of resources between institutions who 'trust' each other.

It would be good to see more examples of each approach within the UK so that, in a few years time, we can judge which has proved to be the more effective. Either would be better than the current 'lock away/down the content' ethos which seems to dominate HE thinking and which leads to constant reinventions of the wheel (with just a little customisation so it fits within my context of course) 🙂
