Access Lab 2020: Change of identity, loss of personalisation?

50 %
50 %
Information about Access Lab 2020: Change of identity, loss of personalisation?

Published on March 20, 2020

Author: OpenAthens


1. Change of Identity, Loss of Personalisation? The Challenges and Opportunities of Personalisation in Access Management Peter Reid, DigitalServices Librarian, Bath Spa University

2. Today: • Personalisation - tensions & trade-offs • Migration of Bath Spa’s Identity Provider • Library’s role & speculations • Competing Identity Providers . . . ?

3. Personalisation What is personalisation? Within the institution:

4. Personalisation What is personalisation? Outside the institution:

5. Personalisation ultra !? A publisher asks us for user information in the form of SAML attributes, etc Or sometimes, once they’re signed in: How should the institution / library respond . . . ?

6. What are the risks? ● Loss of trust? 77% ‘would be fine with grade data and course interaction being anonymously used to predict students’ performance in future’ (HEPI, 2019) But what about sharing with third-parties? ● Are we ‘paying twice’? ● Can we sustain the benefits, and strike a balance with user privacy?

7. Privacy-preserving The pseudonymous identifier eduPersonTargetedID ○ Unique, encrypted value for both the user and the service ○ Cannot be used for tracking, cross-site e.g.! ath-spa/saml/module.php/saml/sp/metadata.php/default- sp!VuudBJ9r6EN2rv7cQ3gZTUod31Y=

8. Migration of personalisation 2017 - 2019

9. What did we do? Update 10 – 15,000 user accounts on day of IdP migration? (“Big Bang”) Script to generate old pseudonymous value for all users in Active Directory (“Rolling drawbridge”) ○ Revert to “Big Bang” . . .  

10. The result…? ● Lots of work! (6 providers, coordinated update on same day, across time-zones) ● And … nothing happened ● BUT – usability AND privacy balanced ● Better trade-off than accepting the casual erosion of users’ privacy -?

11. Library’s role in identity management

12. Library’s role in identity management ● IT liaison & collaboration ● Traditional commitment to privacy ● Challenge from publishers pivoting to data-based businesses

13. Competing identity providers? University + its members LinkedIn Learning + LinkedIn A community network of learners and learning resources} Which is the primary identity?

14. Any questions?

15. Thank You Peter Reid, Digital Services Librarian, Bath Spa University | @confluentious For more information, see the paper Reid, Peter. 2019. “Usability and Privacy in Academic Libraries: Regaining a Foothold Through Identity and Access Management”. Insights 32 (1): 33

Add a comment