Saturday 1 October 2011

Identity and Access Management and the Technology Outlook for UK Tertiary Education 2011-2016 (Part Three)

Recently, the NMC Horizon project published its report, Technology Outlook for UK Tertiary Education 2011-2016: An NMC Horizon Report Regional Analysis, produced in collaboration with CETIS and UKOLN. The last ten years have seen massive changes in the ways in which UK tertiary education institutions handle authentication, identity, and access controls, and I would like to take a look at each of the technologies it mentions and discuss whether their adoption will force or encourage further change.

The report groups technologies into three groups of four, the first group being those which are imminent (time to adoption one year or less), then those which are likely to be adopted in two to three years, and finally those which the contributors to the report expect to be adopted in four to five years. I will devote a single post to each group of four. This is post two of the three; go to post one, post two.

Augmented Reality


This particular technology has no interesting identity component that I can see - it's just going to be the usual issues of data ownership and, possibly, privacy. However, the nature of augmented reality is such that it is likely to lead to all sorts of new applications which may have privacy issues - in particular, those which allow visitors to tag the online information to add comments, or even graffiti to the augmented presence.

Collective Intelligence


In the educational context, the key point (clear in the example project links given in the report, though strangely not actually mentioned in the main text) is curation of the collected information, as learners and researchers have a need for accuracy. This in turn necessitates some form of identity management, otherwise the curation itself will need curating. This should already be well understood, as it is crucial to much open data already available, so there will be no excuse for not managing it sensibly by 2015.

Smart Objects


This is the use of unique identifiers embedded in an object which can be used (for example) to provide a linkage to a point on the Web. The current technologies for doing this are mainly RFID tags and QR codes. The sample uses discussed in the report don't seem to me to be of huge relevance for most forms of tertiary education specifically, though they will be useful for such tasks as keeping track of sample materials in labs, or the location of medical cameras and sensors in patients. Again, there seems to be nothing much new here in terms of identity.

Telepresence


The future of video conferencing is telepresence, which has had some high profile demonstrations; the name suggests the point, which is to make it appear to each participant that the others are present at a shared conference space (which may of course be a purely virtual location). As with smart objects, I have some difficulty thinking of applications for this technology specific to the education sector (surely it isn't going to enhance remote learning all that much?). I also experienced the nightmare which was UK higher education videoconferencing about a decade ago - too little bandwidth even in the dedicated video suite needed made it unusable, less good than Skype video calls are now. And I know how difficult the Open University found it when they first made it a requirement for some of their courses for students to have access to a fairly basic standard of computer equipment. So my feeling is that the date suggested for this is rather optimistic, as institutions will be conservative about the widespread adoption of something which has high bandwidth and processing requirements without extremely clear benefits for students and researchers. Small scale adoption where it's useful to research, possibly - the final use suggested for the technology is for the exploration of locations difficult or impossible for human beings to access. Generally, though, my feeling is that the report is being optimistic over the timescale needed for the hardware and bandwidth requirements to be sufficiently easy to meet.

This is a technology with clear identity elements - the participants in a conference will be identified to be able to take part (in the main), and will be releasing large quantities of information about themselves to the other participants. That said, it seems unlikely that most uses will provide any new or even particularly unusual use cases for IAM.

General Conclusions


Overall, it seems to me that there is little which is likely to provide new challenges for IAM in the adoption of any of these technologies. However, there is ample scope for developers to get the IAM components wrong, both in the tools needed to deliver the technology and in the applications which are built to make use of them for education and research. This is especially important as many of those involved in delivering the applications and tools will not be experts in IAM themselves. We often see elementary errors in security particularly: while I was typing this, I was alerted to a blog post linking to a paper about insecurities in Chrome browser extensions - exactly the kind of problem which a software developer can create through lack of thinking through the implications of what they're doing, or by trying to re-invent the wheel because they don't know that others have done it before them.

The potential problems are compounded because the hardware being used by students and staff is going to be more and more their own rather than under the control of the institution, with all the potential for poor security as self-support becomes the norm. The multiplicity of devices and the fragmentation of the software market that it entails will make it much harder to make fixes; the days when an institution can have a "standard build" on every PC with a single supported web browser which can be updated at need from central servers are numbered. As the report concludes, "The computer is smaller, lighter, and better connected than ever before, without the need for wires or bulky peripherals. In many cases, smart phones and other mobile devices are sufficient for basic computing needs, and only specialized tasks require a keyboard, large monitor, and a mouse. Mobiles are connected to an ecosystem of applications supported by cloud computing technologies that can be downloaded and used instantly, for pennies. As the capabilities and interfaces of small computing devices improve, our ideas about when — or whether — a traditional computer is necessary are changing as well."

It is also possible that some applications built for education using these technologies could present some challenges for IAM. It seems likely that no one will now be able to predict the uses to which these technologies can be put, and I'd suspect that the most interesting uses will be ones that no one has yet invented. There may well be other technologies which will prove more revolutionary in tertiary education in the UK than any of the twelve listed here, but which we don't know about.

A common thread to many of the technologies is linking individuals or information - and sharing is obviously a potential source of privacy issues. Indeed, the tone of the report seems to suggest that within the next few years, privacy will be an outmoded idea; we will all be willing to share just about everything online. Is this true, or even likely? While naive users continue to share everything that occurs to them without caring about or understanding security settings (e.g. on Facebook), there is at least some evidence that many users are now thinking more about what they post and what it might mean for them later on, when read by a prospective employer, for example. The recent "nym wars" (usefully summarised here with discussion relevant to how privacy should be seen in the future) show that many people put a high value on privacy and the possibility of keeping a real world identity secret in particular. To the list of challenges summarised at the end of the report, I would add the investigation of the developing attitudes to privacy and how they should affect implementation and use of the technologies from this report in tertiary education.
