iPaaS

The importance of getting identity management correct!

Hitting the news today (Tuesday 6th November 2012) was a sobering article highlighting just how important it is to get identity management correct!

Over a three-year period from March 2007, the Prudential UK managed to mix up two of their customers’ pension accounts and pay substantial funds into the wrong account.  The mistake, which has cost Prudential £50,000 in fines, boiled down to the two customers having the same forename, surname and date of birth.

For the full story check out http://www.bbc.co.uk/news/business-20221648.

5 reasons why you should take Single Sign-on seriously

A recent report by the credit checking company Experian warned that the average online consumer had 26 separate online logins but just 5 different passwords.

Two thirds of people have accounts they no longer use but have not closed down, leaving them vulnerable, the research found.  Every week we learn about new and major hacks leading to the compromising of our usernames and passwords.

In July 2012 we have already heard about the ‘loss’ of 450,000 Yahoo identities, over 1 million Android forum IDs, 20% of all Microsoft account credentials – where they had been reused on other websites – and LinkedIn hacked twice in as many months.

It is all too easy to reuse the same ID – typically your email address together with your favourite password – when registering with different websites online.  The problem – and the very real threat – is that it only takes one of these websites to fail in keeping that ID and password safe and suddenly your online information and access across many different websites is in jeopardy.  What’s more, you may not even realise until you go to apply for a credit card, loan, mobile phone, or mortgage and are refused.  Perhaps worse still, the debt collectors come knocking upon your door!  Even if you do discover that a website you use has been compromised, can you really remember all of the websites that you signed up to using the same ID and password so that you can sign in and change your login credentials?

Standards-based Single Sign-on is one killer tool in your defence arsenal!  The following 5 reasons pretty much cover the benefits of using the Single Sign-on technology OAuth for your social online world and Shibboleth if you are in the classroom.

Popular OAuth Identity Providers include Twitter, Facebook and Google.  For more about the prevailing Shibboleth standard in education, simply search this website.

Now for those 5 reasons:

1) When you connect to a new website, application, or service provider using OAuth or Shibboleth, your username and password are not shared with, or stored in, that provider’s system.  If it’s hacked, your ID and password stay safe.

2) It is good practice, alongside having a complex password, to change that password often.  In the Shibboleth and OAuth Single Sign-on model, you can do this just once and in one place, and the change applies to all of your other online presences.

3) If you suspect that your password has been compromised, as with (2), you change it once and in one place.  No need to try to remember what you’ve signed up for and how to get there!

4) A single username and password for everything leaves space in your memory for other things, like remembering to pick up some milk, or the kids, on your way home from work.  Oh, and less reason to write it down too!

5) There are SO many great online resources out there asking you to sign up.  Can you really trust the honesty and security of them all?  With true Single Sign-on you can register with the peace of mind that they haven’t got hold of your username and password – often they shouldn’t even need to ‘know’ other personal details such as your name.

So there you have it.  Single Sign-on together with a ‘strong’ and frequently changed password will keep things simpler and more secure for your online adventures.
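The model behind reasons 1, 2, 3 and 5, as an added example that is not code from this blog and is neither OAuth nor Shibboleth: a simplified stand-in in which a hypothetical `IdentityProvider` holds the only copy of the password and gives each `ServiceProvider` an HMAC-signed, short-lived assertion carrying a per-site opaque identifier. All class names, site names and the user are constructed for illustration.

```python
import hashlib, hmac, json, os, time

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityProvider:
    """Only place the password lives; services get a signed assertion instead."""
    def __init__(self):
        self._secret = os.urandom(32)   # IdP-only key for deriving opaque IDs
        self._users = {}                # username -> (salt, password hash)
        self._sp_keys = {}              # service id -> assertion-signing key
    def register_sp(self, sp_id):
        self._sp_keys[sp_id] = os.urandom(32)
        return self._sp_keys[sp_id]
    def set_password(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, _pw_hash(password, salt))
    def login(self, user, password, sp_id):
        salt, stored = self._users[user]
        if not hmac.compare_digest(_pw_hash(password, salt), stored):
            return None
        # Different opaque ID per service: no username, name or email released
        sub = hmac.new(self._secret, f"{sp_id}|{user}".encode(), hashlib.sha256).hexdigest()[:16]
        body = json.dumps({"sub": sub, "aud": sp_id, "exp": int(time.time()) + 300})
        return body, hmac.new(self._sp_keys[sp_id], body.encode(), hashlib.sha256).hexdigest()

class ServiceProvider:
    def __init__(self, sp_id, key):
        self.sp_id, self._key, self.accounts = sp_id, key, {}
    def accept(self, assertion):
        if assertion is None:
            return None
        body, sig = assertion
        good = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, good):
            return None                 # forged or altered assertion
        claims = json.loads(body)
        if claims["aud"] != self.sp_id or claims["exp"] < time.time():
            return None                 # issued for another site, or expired
        self.accounts.setdefault(claims["sub"], {"logins": 0})["logins"] += 1
        return claims["sub"]

def demo():
    idp = IdentityProvider()
    sites = [ServiceProvider(n, idp.register_sp(n)) for n in ("forum.example", "shop.example")]
    idp.set_password("alice", "old-passphrase")      # constructed sample user
    ids = [s.accept(idp.login("alice", "old-passphrase", s.sp_id)) for s in sites]
    idp.set_password("alice", "new-passphrase")      # one change, in one place
    stale = [s.accept(idp.login("alice", "old-passphrase", s.sp_id)) for s in sites]
    return ids, stale, json.dumps([s.accounts for s in sites])  # last: a site breach dump
```

`demo()` returns the two per-site identifiers, the results of trying the old password after the change, and everything the two sites have stored about the user, which is what a breach of either site could expose.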

The Server-less School

With an open standards integration Platform as a Service (iPaaS) available, could we see the dawn of a server-less school?  What’s needed?

– An Identity Management (IdM) service with automated Systems Interoperability Framework (SIF) integration with a school’s Management Information System (MIS);

– A Shibboleth federated Single Sign-on (SSO) Identity Provider (IdP) service;

– A Zone Integration Server (ZIS) service.

Could the extent of ‘Cloud’ application services compatible with the iPaaS summarised above negate the need for Local Area Network (LAN) hosted directory, file and application servers?  If we can show that proxy and caching servers are also redundant, then we are well on the way to a server-less school.  What does this mean?  In short, this means less infrastructure and lower related hardware, software and management cost overheads, together with fewer things to go wrong when relying upon Internet access for teaching & learning.  This approach also lends itself to a device-agnostic Bring Your Own Device (BYOD) strategy.  The following image visualises this idea…

 

Future School