Oren’s Weblog

Joel Smith from CMU is leading this discussion.

There’s a bunch of activity in Educause and other forums around this topic.

Strategies around specific emergencies could be very different depending on the nature of the emergency.

A quick survey of the membership: 84% of the respondents said there have been situations in recent years calling for emergency communications, including environment and weather, environmental health risks, dangerous or damaged facilities, etc.

How long does it take to send messages? Fastest is web posting, email is pretty fast, and text messaging is the least deployed. Joel notes that composing messages is not something that is built into our emergency processes and it’s difficult to do in many circumstances. At Columbia it took them eight hours to compose a message to inform people that the campus was closed in a snowstorm. It can also be hard to get hold of the right people to post and send messages.

Berkeley deployed PeopleLocator (http://peoplelocator.berkeley.edu/ )

Much is predicated on having good data, like cell numbers.

Bill notes that at Stanford they have an incident response team that’s separate from the emergency operations process.

Joel notes that it’s important to put the time that the next communication will take place in each emergency notification, in order to keep people from overloading the channel just to see if there are any updates.

MIT is looking very seriously at being able to send SMS messages. There’s some concern that you have to work closely with vendors to not have mass SMS messages classified as spams.

A few institutions in the room have some cell contact information for students, but nobody claims to have good directories of cell information.

Texas students had brought Mobile Campus on campus – but it peaked at about 7,000 students (out of 50,000) and appears to be on its way down – they think it’s because they get spammed with ads from them.

MIT is going to try some tests of emergency communications, asking people to respond if they receive the test messages. They are using mir3, which was contracted originally to contact emergency responders, but they expanded that to try to contact everybody. They hope to be able to use that test to gauge how good their contact info is, as well as how long it takes to get messages out. They’ll try sending both voice and text messages.

At Wisconsin they’re adding text asking people to update their contact info when they register for classes.

Several campuses have been updating PA systems on campus in the wake of recent emergency events.

Technorati Tags: CSG, CSG-Spring-2007, emergencies, emergency-notification, emergencies, notifications

Charlie Leonhart is leading off the morning with a discussion of identity management. He’s asking the crowd who’s running their first generation ID management system as opposed to as second or third generation system. Paul points out that their approach at MIT is more incremental, changing and adding to the original system every year, so it’s more of a maturing continuum rather than generations. Georgetown’s original ID management was a directory built for provisioning accounts in different systems.

RL Bob says that Internet 2 and MACE point to different products that handle this kind of thing, but there is no significant open source shared product in the space of core identity management and provisioning, as the institutions that have built these systems have done it in ways that are embedded so deeply in their systems that it’s hard to share.

Several people have used commercial products in their identity management – Indiana uses Microsoft’s identity management server, and it’s working very well. Brad thinks we need to get better at federated identity – maybe 2008 will be the year of federated identity. Gary says NYU uses Sun’s identity management products, because they didn’t want to have to build it themselves. Michigan is going to go with the Novell services because they didn’t want to build it themselves and the connectors to Peoplesoft and other systems were already there. Duke is also using Novell. Colorado is going with Sun. Georgetown has picked Oracle, primarily to automate feeds from backend systems and for provisioning and de-provisioning. De-provisioning is particularly challenging – the ability to do ubiquitous de-provisioning is important.

How much convergence is there with digital identity and physical id control. At Chicago the card office has always been part of central IT, and they’re working on merging that system with card system, and they’re working on a common system across the hospital and the campus.

How centralized is the process of creating identities – how many are taking feeds from departments to create identity? Tim says that at Harvard the issues are around SOA kinds of things – changes in data formats, scheduling, etc.

RL Bob says that we have a local community college that we share facilities with that needs NetIDs, and we are working with the Cancer Care Alliance who needs NetID. In both of those cases they run Active Directory and we’ve been using a federated approach, using Shibboleth – which raises some policy issues of what kinds of things they then might get access to.

At Stanford they’re setting up a guest account service. Bruce also notes that the owners of the Peoplesoft and Oracle systems are likely to start asking about what value the separate registries bring, instead of just using the purchased systems.

Klara talks about Duke needing to create the ability for affiliates to create accounts in a delegated fashion. Charlie characterizes this as the “Martian” user issue – visitors, people who come just for the day, etc. Michigan is setting up a sponsorship system where departments can set up temporary identities for visitors.

Brad says to look at the strategic issue, the University is not going to be a fortress any longer, but will need to be much more porous. He cites the issue of the library which was using access to a University digital identity as a surrogate for meaning “faculty, staff, or student” to grant access to subscriptions.

Tom is talking about people who are “non-affiliated patrons”, like those who have library privileges but no other connection to the institution. They’re creating a separate store of identities for these folks. It was much easier to not bring those back into the main identity store and deal with all the policy issues, etc.

Phil Long notes that business process has to precede identity management.

At Wisconsin they have a formal decision making body for identity management that reports to the Provost. Just this month that committee has announced that they’ll add two faculty members and student representation. Federated research has made this an academic as well as administrative issue.

Berkeley has a signle-sign-on management model, but there’s not a good funding model – they’ve been considering some sort of identity-management tax on new system development projects.

At Georgetown they have a tax on all money transactions on their cards to fund the card office operations – 4% on internal purchases (like soda and candy machines, etc), more for external vendors (like local restaurants, etc).

Texas has multiple assurance levels of identity – for high assurance you have to show up in person with photo ID.

Technorati Tags: authentication, CSG, CSG-Spring-2007, digital-identity, identity-management, identity