A Role for Libraries in Helping Users Manage Collaboration

1
A Role for Libraries in Helping Users Manage
Collaboration

2
Topics

• Several forms of identity and their use in
  collaboration
• The rise of federations and P2P
• The role of VOs
• The rise of collaboration apps
• The plumbing of collaborative apps and the
  impacts
• Issues and opportunities (open discussion)
• Consistency of what and how
• Privacy
• Search
• Metadata

3
Internet Identity - Federated

• Provides inter-enterprise (and intra-) IdM
• Can be bi-lateral but increasingly multi-lateral
• Use cases b2b, c2g, c2b
• In academic settings, privacy preserving
  capabilities and international use are helpful
• Often is role and entitlement oriented
• Two major flavors SAML/Shibboleth, and MS WS-
  as theoretically interoperable as they need to be
  now

4
Internet Identity P2P

• Provides tokens for interpersonal trust
• Use cases include file and photo sharing, some
  encrypted email, etc.
• Limited role but large personal contexts
• Subtle but critical layers
• Identity Selector, tokens, mobility, reputation
  systems, others
• Active space Cardspace in MS Vista, Higgins and
  the Bandits, OpenId, etc.

5
Identity Integration goals

• Of federated and p2p identity
• Many levels of integration
• The tokens
• The GUI
• The privacy management paradigm
• Of identity and privilege management
• Assignment and management of permissions to users
  by those with authority to grant such access
• Addresses the static aspects of the authorization
  space, with audit, delegation, prerequisites,
  etc.
• Permissions can be enterprise or virtual
  organization

6
The Rise of Federations

• Occurring in the RE sector of many countries
• Typically used for content acquisition (scholarly
  and popular), service outsourcing (academic and
  administrative), shared network access,
  government applications, and now collaboration
  tools
• The largest, in the UK, has over five million
  users and will grow in scope to include all
  education, and now national health
• Peering among federations being worked on
  actively

7
Of federations and Virtual Organizations

• Federations provide general trust fabrics for use
  by many users accessing a variety of resources
• Specific collaborations among small subsets of
  users, typically around a science experiment or a
  research community, are VOs.
• More than groups delegation, audit
• More than general collaboration tools domain
  science management
• the second job
• The intent is to leverage peered federations to
  support the identity management needs of virtual
  organizations

8
Peering

• Parameters
• LOA
• Attribute mapping
• Legal structures
• Liability
• Adjudication
• Metadata
• VO Support
• Economics
• Privacy

9
VOs plumbed to federations
10
The rise of collaboration apps

• Aka web 2.0, social networking, etc
• Asynchronous wikis, flickr, webdav, etc.
• Synchronous - IM, audioconferencing,
  videoconferencing
• Flickr, del.icio.us, facebook, myspace, etc.
• All need some identity management and access
  controls

11
Applied (Up) MiddlewareEnterprise Edition

• Bringing identity and plumbing into apps
• Federated applications
• Even that has a spectrum of implementation
  options (eg federated IM at the server and at the
  classic Shib user level)
• Consistent privacy management
• Plumbed applications
• Use of enterprise middleware services
• May be enterprise or VO uses

12
Examples of plumbed collab apps

• Federated wikis
• Identity based spaces.internet2.edu
• Attribute-based wikis members of the
  community discussions
• Web-accessed shared file stores
• VO calendaring interacting with users enterprise
  calendar
• Real time tools
• Federated IM use your local login for external
  IM use
• An IM channel for a VO
• Audioconferencing over IP
• Videoconferencing

13
More examples

• Lionshare
• Identity-federated repositories
• Enterprise del.icio.us
• Cardspace enabled photo-sharing
• Second Life groups fed directly from class lists,
  using institutional log-ins
• Google Apps for education, federated
• Maybe inter-institutional workflow

14
The need for consistency

• There will be no uber-app
• Too stifling of invention
• Too confining of community of use
• Even the embedded tools should be exposed
• The videoconferencing within the LMS
• IRC chat rooms embedded within larger portals
• Users will want to combine identities and roles
• Implies need for some consistency in certain
  dimensions of app management
• Identity/privilege management
• Several critical other concisterns

15
How Plumbed?

• The minimum is some type of federated identity
  (though perhaps not classic Shib) or use of a
  standard P2P
• Even better would be use of enterprise services
  for group and privilege management, workflow,
  diagnostics, etc.

16
Consistent dimensions of user experience

• Identity and Privacy
• Privilege Management
• DRM on a wide variety of digital objects, with
  rich controls
• Metadata tagging
• Search on metadata
• Network layer management issues
• Trust and reputation mechanisms

17
Possible roles for libraries

• Libraries helping users manage privacy
• Populating and controlling the collaboration gate
• Attribute Release Policies
• Assisting in metadata
• Tagging 101
• Building ontologies and controlled vocabularies
• Searching 101
• DRM management

18
Privacy

• There is a document within the UK Federation
  specifically on this issue
• http//www.ukfederation.org.uk/library/uploads/Doc
  uments/recommendations-for-use-of-personal-data.pd
  f. 
• This document is all recommendations and
  theguidelines laid out do not have to be
  followed, the only requirement is thatthe 8
  principles of the UK Data Protection Act (1998)
  are met. 

19
The Eight Principles

• 1. Personal data shall be processed fairly and
  lawfully
• 2. Personal data shall be obtained only for one
  or more specified and lawful purposes, and shall
  not be further processed in any manner
  incompatible with that purpose or those purposes
• 3. Personal data shall be adequate, relevant and
  not excessive in relation to the purpose or
  purposes for which they are processed
• 4. Personal data shall be accurate and, where
  necessary, kept up to date
• 5. Personal data processed for any purpose or
  purposes shall not be kept for longer than is
  necessary for that purpose or those purposes
• 6. Personal data shall be processed in accordance
  with the rights of data subjects under this Act
• 7. Appropriate technical and organisational
  measures shall be taken against unauthorised or
  unlawful processing of personal data and against
  accidental loss or destruction of, or damage to,
  personal data
• 8. Personal data shall not be transferred to a
  country or territory outside the European
  Economic Area unless that country or territory
  ensures an adequate level of protection for the
  rights and freedoms of data subjects in relation
  to the processing of personal data.

20
DRM

• There may be new opportunities for DRM
• Federal interest
• Corporate dissatisfaction with current approaches
• Integration of digital objects into curriculum
• Need for more sophisticated controls in wikis,
  etc.

21
Discussion Item 3

• Federated search meets federated identity
• Federated identity is oriented towards
  preservation of privacy
• Attributes are released parsimoniously
• Federated search wants to couple many resources
  into a single search mechanism
• What if the resources need different attributes?
• Is there a de facto standard set?

22
Collaboration Support

• Some info on members may want to exposed, but
  with controls
• People picker
• VO stub-ins
• Roles
• Scoping the controls