cis 2015- social identity management in academiareal world byoi- tom eggleston
TRANSCRIPT
Social Identity Management in Academia Real World BYOI
Cloud Identity Summit, June 2015
Agenda
• UK university sector background • Social login use cases for universities • Case studies • How to build it? Review of technical components • Q&A
Background
• ProofID is a specialist provider of fully managed identity solutions • Trading since 2008 • Based in Manchester, UK • Proven track record of delivery into Academia • Technical expertise across multiple identity management technologies:
• Ping Identity • NetIQ • Microsoft • Open Source
Background - Me
• Working with Identity Management for 10+ Years • CTO at Salford Software – leading provide of Identity
Management to UK Academia • Now Managing Director of ProofID, following acquisition of
Salford Software
UK University Funding – A Brief History
1970s
• Bad haircuts • No tuition fees • Maintenance grants • 1,300,000 students
UK University Funding – A Brief History
1980s
• Bad haircuts • No tuition fees • Maintenance grants • 1,400,000 students
UK University Funding – A Brief History
1990s • Bad haircuts • No tuition fees • Student loans for
maintenance • 2,000,000 students –
University for all!
UK University Funding – A Brief History
2010s • Better haircuts • £9,000/year tuition fees • Student loans for
maintenance • 20% fall in government grants
for HE • 2,500,000 students
Current Landscape in Universities
• Difficult operating environment – major funding squeeze • Universities now run as businesses with ‘customers’ • Highly competitive environment – record number of institutions • Every student worth £9,000 / year – 50% of universities depend
on tuition fees for over 50% of revenue • Differentiation through student experience is a key drive
How does Social Login help?
Reten%on
Alumni Management
Recruitment Customer Acquisi.on Customer Engagement
Repeat Business
Use Case 1: Recruitment
Use Case 2: Student Experience
Hypothesis: new ‘born in the cloud’ students would like to access
University resources using social login
Tested via ProofID commissioned research at University of Dundee
59% of students would use social login to access University websites and services
Facebook – 95% TwiAer – 46%
Instagram – 27%
Fewer Passwords – 52%
No forms – 27% Familiarity – 22%
Privacy – 71% Security risk – 56%
Social Iden,ty Proofing
• An automated method to %e a social iden%ty to a known individual • Increases assurance around the social iden%ty
• Universi%es can decide which systems and how much data to expose based upon appe%te for risk
• ‘Recer%fica%on’ on a regular basis
Use Case 3: Alumni Engagement
• Median donations to UK Universities - £1,000,000 p/a • From 9m contactable Alumni, only 1.4% donated • Universities rely on traditional marketing – mail, email, phone
• Harvesting social identities opens up social channel for communication across multiple social networks
• 20% increase in donators could yield £200,000 p/a to average institution
The value of identities
Social login allows Universities to realise the value of identities
Case Studies
University of the Arts, London
“The ability to allow our students secure access to university systems via social login is very interesting in
terms of the user experience and delivering UAL IT Services to our Alumni” Jim Nottingham, CIO
University of Hull
“Social login offers us some very interesting ways of
interacting with potential, current and past students. A key element is to allow pre-applicants to register interest with
the university via their Facebook login, and then gain access to a relevant taster module in our VLE. By using social login, we hope to have much greater uptake of the
service, as there are no online forms involved. “We are also very excited about the possibilities for alumni. Social login will allow users to build a consolidated identity of all of their social identities, and the university can use
these social channels to stay in touch with them after they have left the university. We believe this will be much more effective than ‘email for life’, and will allow ex-students to
remain engaged with the university.” Tony Ward, Project Manager
How do I build one?
Solution Architecture
Application 1
Application 2
Application 3
Consolidated Identity Store
Directory Service
Federation Service
Processing Engine API
Provisioning
CRM System
OAUTH OAUTH OAUTH
LDAP
Social Connectors
• OAUTH 2.0 social connectors • Allow users to sign in via various social
networks • Request permission to social identity attributes • Request write permissions (e.g. write to
Facebook Wall) • Interaction with APIs e.g. to send messages
Federation Capability
• Provides federated SSO to university services • Wide protocol support required to support
variety of applications found in the sector • Must support attribute lookup & manipulation • Roles awareness helpful • MFA capability? E.g. integration with
smartphone MFA such as Google Authenticator
Consolidated Identity Store
• Map multiple social identities to an individual • Associate with an institutional identity • Build rules to determine attribute precedence • Manage roles e.g. applicant, student, alumni • Manage assurance levels
• Assurance status • Proofing engine
• Provisioning capability
Landing Page
• Launchpad for applications • UI to allow linking of additional identities
• May not be required – universities could provide own portal
API
• API essential to enable connectivity • Limited value as a standalone system
• Read attributes from data store • Manipulate roles • Send messages
Technology (other vendors are available…) Federation • Open Source
• Commercial
Provisioning • Open Source
Complete Solution
Questions?