Published on March 20, 2020
1. Change of Identity, Loss of Personalisation? The Challenges and Opportunities of Personalisation in Access Management Peter Reid, DigitalServices Librarian, Bath Spa University
2. Today: • Personalisation - tensions & trade-offs • Migration of Bath Spa’s Identity Provider • Library’s role & speculations • Competing Identity Providers . . . ?
3. Personalisation What is personalisation? Within the institution:
4. Personalisation What is personalisation? Outside the institution:
5. Personalisation ultra !? A publisher asks us for user information in the form of SAML attributes, etc Or sometimes, once they’re signed in: How should the institution / library respond . . . ?
6. What are the risks? ● Loss of trust? 77% ‘would be fine with grade data and course interaction being anonymously used to predict students’ performance in future’ (HEPI, 2019) But what about sharing with third-parties? ● Are we ‘paying twice’? ● Can we sustain the benefits, and strike a balance with user privacy?
7. Privacy-preserving The pseudonymous identifier eduPersonTargetedID ○ Unique, encrypted value for both the user and the service ○ Cannot be used for tracking, cross-site e.g. https://bathspa.ac.uk/oala/metadata!https://capitadiscovery.co.uk/b ath-spa/saml/module.php/saml/sp/metadata.php/default- sp!VuudBJ9r6EN2rv7cQ3gZTUod31Y=
8. Migration of personalisation 2017 - 2019
9. What did we do? Update 10 – 15,000 user accounts on day of IdP migration? (“Big Bang”) Script to generate old pseudonymous value for all users in Active Directory (“Rolling drawbridge”) ○ Revert to “Big Bang” . . .
10. The result…? ● Lots of work! (6 providers, coordinated update on same day, across time-zones) ● And … nothing happened ● BUT – usability AND privacy balanced ● Better trade-off than accepting the casual erosion of users’ privacy -?
11. Library’s role in identity management
12. Library’s role in identity management ● IT liaison & collaboration ● Traditional commitment to privacy ● Challenge from publishers pivoting to data-based businesses
13. Competing identity providers? University + its members LinkedIn Learning + LinkedIn A community network of learners and learning resources} Which is the primary identity?
14. Any questions?
15. Thank You Peter Reid, Digital Services Librarian, Bath Spa University email@example.com | @confluentious For more information, see the paper Reid, Peter. 2019. “Usability and Privacy in Academic Libraries: Regaining a Foothold Through Identity and Access Management”. Insights 32 (1): 33