Right People, Right Stuff, Right Pain?
Session Summary

John Byrne, James Currall, Colin Farrow

June 2002

Setting the Scene

A brief introduction by James Currall (Glasgow) and two ten-minute presentations from Colin Farrow (Glasgow) and John Byrne (York) outlining:-

Discussion of the Issues and input from Delegates Perspective

The discussion took place in two groups:

General Discussion and 'What can I Do?'

James Currall led this discussion, drawing on the discussion in groups. The groups’ discussion fell into two parts (plus another session later):-

Getting the Right People information

There was general agreement that there is a need for good-quality people information covering all those who need access to information in an institution.

For the most part, although having Right People information is very important to those who have to manage access to information and systems, they are not in a position to solve the problem. The people who are (registry, Human Resources, etc.) will only own the problem if they see value (to them) in tackling it.

Groups (and how to build them)

Groups are used to model roles within the organisation and were generally agreed to be a good way to provide (moderately) fine-grained access control to information.

There are three types of group:-

Robot Groups
formed automatically from rules based on institutional process and systems (e.g. Departmental membership, staff grade, etc.)
Ad Hoc Groups (official)
formed by a ‘responsible person’ based on official designation (e.g. membership of university committees, etc.)
Ad Hoc Groups (unofficial)
formed by an individual who needs to share information with a number of others who do not conform to an official categorisation (e.g. ad hoc working group, special interest group, etc.)

Three issues were seen as being important in maintenance of groups:-

Groups can be used to control access to information, but can also provide e-mail lists and other functions if managed in a directory service that can look up the other information as required.

Both Glasgow and York have implemented groups to model roles and have done so within an LDAP framework.

Pseudo-Anonymous Credentials

Groups provided in this way seem to have very great potential in inter-university collaborations, where confirmation of group membership is passed as a credential to the other institution (but not the details of who the person is). In this context, Ulster has been collaborating with the University of Athens and York is collaborating with Hull (see also the Shibboleth work referenced in the briefing paper).
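As an added illustration (not code from Glasgow, York or the session), the sketch below derives rule-based 'robot' groups and then issues a membership assertion that names the group but not the person. The record fields, rule names, partner labels and the shared HMAC key standing in for the institutions' real signing mechanism are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample people records (not real data).
PEOPLE = [
    {"uid": "gx12k", "dept": "Physics", "grade": "lecturer"},
    {"uid": "tz34m", "dept": "Physics", "grade": "student"},
    {"uid": "wy56n", "dept": "History", "grade": "lecturer"},
]

# Hypothetical rules for robot groups: group name -> predicate on a record.
ROBOT_RULES = {
    "physics-members": lambda p: p["dept"] == "Physics",
    "academic-staff": lambda p: p["grade"] == "lecturer",
}

def robot_groups(person):
    """Groups a person falls into purely by rule, with no manual upkeep."""
    return sorted(g for g, rule in ROBOT_RULES.items() if rule(person))

def issue_assertion(person, group, sign_key, pseudonym_key, partner):
    """Home institution: assert group membership without naming the person."""
    if group not in robot_groups(person):
        raise PermissionError("not a member of " + group)
    # Opaque per-partner handle: stable for one partner, different for each
    # partner, and not reversible to the uid without pseudonym_key.
    handle = hmac.new(pseudonym_key, (partner + ":" + person["uid"]).encode(),
                      hashlib.sha256).hexdigest()[:16]
    body = json.dumps({"group": group, "handle": handle, "aud": partner},
                      sort_keys=True)
    tag = hmac.new(sign_key, body.encode(), hashlib.sha256).hexdigest()
    return body, tag

def verify_assertion(body, tag, sign_key, partner):
    """Partner institution: check integrity and audience, return the group."""
    expected = hmac.new(sign_key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad signature")
    claims = json.loads(body)
    if claims["aud"] != partner:
        raise ValueError("assertion issued for a different partner")
    return claims["group"]
```

The partner learns only the group name and an opaque handle; mapping the handle back to a person requires the home institution's pseudonym key.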

Technical Matters

Technical matters concerning the design of an LDAP directory for access control were deferred until an additional ‘Birds of a Feather’ session held later.