Authorisation Issues
PORTAL - (n). Lat. porta, (door, gate) portalis, (like a gate). A doorway, gate or other entrance, especially a large or elaborate one.
Right People, Right Stuff, Right Pain?
John Byrne (York), James Currall, Colin Farrow (Glasgow)
Institutional Web Management Workshop June 2002: The Pervasive Web
http://www.ukoln.ac.uk/web-focus/events/workshops/webmaster-2002/materials/currall/
Authentication
• Pretty much sorted ….
– Yale’s Central Authentication Service (CAS)
– Single sign on
– Sneak preview
• …. except
– “Grey Users”
– “Trusting the Trust?” (NHS)
– Need multiple authentication services – cascade through them
Personalisation
• So if you’ve got authentication sorted then personalisation (=“portal”) will be a doddle – right?
• Wrong!
• It goes like this …
“The Digital Library”
The challenge – Central vs. Local data
The Data Model
Staff (PIMS)
Students (Dolphin)
Curriculum (Dolphin & Unit Cat)
Resources
Is there a common local data model?
Why do departments maintain local systems?
Central vs. Local Data
Why do departments maintain local systems?
Teaching Week 0 6000
Teaching Week 2 5000
Teaching Week 3 3000
Teaching Week 4 1000
Teaching Week 5 100
Programme registration progress
Teaching Week 6 50%
Teaching Week 7 58%
Teaching Week 11 83%
Teaching Week 13 86%
Teaching Week 14 92%
Teaching Week 15 93%
Teaching Week 16 94%
Teaching Week 17 95%
Unit registration progress (=120 credit points)
Driven by assessment & external compliance, not learning & teaching!
The challenge – central vs. local data
The risks
1. The portal may be partly empty
2. The portal may be wrong in parts
3. The portal will not contain local added value (like tutor groups …)
4. The portal will not be personalised
What problems are we trying to solve?
• Authorisation
– Membership of some group determines role
– Role determines level of access
– Group information is often maintained at local end of Central-Local join (e.g. tutor groups, research groups)
• Preferences (= personalisation)
• Multiple authentication services
Authorisation & Central-Local data join
• We need a “Groups Manager” which allows:
– Use of groups in an authorisation framework (i.e. permissions database)
– Definition of numerous ad hoc groups (where group size >= 1)
– Definition of groups of groups
– Devolution of creation of some groups
– Devolution of maintenance of some groups
Bodington does this …..
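As an added illustration (not from the slides, and not Bodington's code), a minimal groups manager in Python covering the requirements listed above: groups feeding a permissions lookup, ad hoc groups, groups of groups and devolved maintenance. All class, group, user and role names are hypothetical, and the sample data is constructed.

```python
# Added illustration; class, group, user and role names are all hypothetical.
class GroupsManager:
    def __init__(self, access):
        self.access = access   # role -> access level (the permissions database)
        self.groups = {}       # group id -> record

    def create_group(self, group, maintainers, role=None):
        self.groups[group] = {"users": set(), "subgroups": set(),
                              "maintainers": set(maintainers), "role": role}

    def add(self, actor, group, user=None, subgroup=None):
        # Devolved maintenance: only a named maintainer may change a group.
        rec = self.groups[group]
        if actor not in rec["maintainers"]:
            raise PermissionError(f"{actor} may not maintain {group}")
        if user:
            rec["users"].add(user)
        if subgroup:
            rec["subgroups"].add(subgroup)

    def effective_members(self, group, seen=None):
        # Expand groups of groups; `seen` stops a cycle from recursing forever.
        seen = set() if seen is None else seen
        if group in seen:
            return set()
        seen.add(group)
        users = set(self.groups[group]["users"])
        for child in self.groups[group]["subgroups"]:
            users |= self.effective_members(child, seen)
        return users

    def access_level(self, user):
        # Membership determines role; role determines level of access.
        levels = [self.access[rec["role"]] for g, rec in self.groups.items()
                  if rec["role"] and user in self.effective_members(g)]
        return max(levels, default=0)   # no qualifying group: no access


def demo():
    # Constructed sample data: one central group, one locally maintained one.
    gm = GroupsManager({"student": 1, "tutor": 2})
    gm.create_group("chem-students", {"registry"}, role="student")
    gm.create_group("tutor-group-7", {"dr_smith"})
    gm.create_group("chem-tutors", {"chem_admin"}, role="tutor")
    gm.add("dr_smith", "tutor-group-7", user="alice")
    gm.add("registry", "chem-students", subgroup="tutor-group-7")
    gm.add("dr_smith", "tutor-group-7", subgroup="chem-students")  # cycle
    gm.add("chem_admin", "chem-tutors", user="dr_smith")
    return gm
```

The locally maintained tutor group feeds the central student group, so a user added by the tutor picks up the central role without the registry touching the local list.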
Preferences
• We also want to be able to store personal attributes such as
– Bookmarks
– Portal layout
– Calendars
– Address books
Is LDAP the answer?
[Diagram: nodes labelled Level 1 to Level 6]
Central – database driven
Local – rampant ad hocery?
Practical realities
• Capturing local added value
• Incentivising maintenance of local added value
What else is bubbling under?
• Angel?
• Akenti?
• Permis?
Six MLEs - more similar than different