Thursday, 18 November 2010

Authenticating in Academia

Back in August I blogged about a UMich blog service that had a number of means to authenticate user comments but not Shibboleth or a local UMich id.

This actually is quite a serious problem, as if agree that there is scholarly communication taking place in the blogosphere, we want comments to be authenticated, if only as a hurdle to prevent the comment system from being gummed up with salacious e-mail invitations from loose moralled East European floozies and invitations to buy various types of performance enhancing drugs which I have no need for.

We probably don't wish t restrict comments to people who can authenticate via shibboleth as there are range of people who can't provide a shib based id.

Valid reasons include:
  • Their university doesn't yet provide an IdP
  • They work for a non .edu institution, eg .gov or .org
  • They're an adjunct or an affiliate and use a non .edu account for correspondance
So how to solve the problem.

Clearly one needs to provide an authentication mechanism that allows people to authenticate by a range of means, but I didn't have a solution until I came across this email from Bob Morgan on one of the Shibboleth lists:

In my recent talk at the Internet2 Member Meeting I showed some examples of sites accepting both SAML-based federated signon and OpenID (eg NIH). In the same session Russ Yount from CMU talked about their plans for a "social network" proxy/gateway for their environment. As an aside, I observe that sites interested in this kind of thing these days tend not to focus on OpenID per se but on whatever protocol is needed to bring in the sites where the users are (OAuth for Twitter, proprietary for Facebook, etc). This protocol standardization failure creates a market opportunity for services like Janrain and Gigya.

If you'd like I could put you in touch with the people at UW who put together this interface:

https://isds-auth.cirg.washington.edu/distribute-auth-gate/gate.php?req=%2F

which supports UW and ProtectNetwork via InCommon, and Google via OpenID.

Which probably would do the job really nicely, except that we still have the problem of knowing who someone is and more importantly weighting their comments.

The (possible) need to weight comments of course comes from the need to provide some evidence of peer review - in the points means prizes world of contemporary academia, if one wants to have one's blogging considered as evidence of professional esteem one needs to show that one is having some sort of meaningful interchange with one's peers.

However it's not just counting .edu's after all there is nothing to stop Professor V. Eminent happening across your work via the facebook Byzantine Prosopography group and using his facebook account to post a comment.

So in a federated world how do we assess weight ? Or should we just not bother?

1 comment:

tenthmedieval said...

I think that we shouldn't bother. with an abstruse topic on which expert opinion is really necessary, the kook will be easy to spot (and, indeed, may have been moderated out) and the expert, if s/he turns up, will be easy to spot also. In the sphere where more general misconceptions are in play, the general group will be able to contend until or instead of an expert weighs in. Okay, particularly persistent trolls or people with bees in their bonnets can still poison discussion by sheer weight, as witness soc.history.medieval of yore, but overall I think individual informed comment is recognisable by those who care, which means that an OpenID or similar that lets someone be linked back to another sphere where their thinking or posting can be contextualised is enough. So I think, anyway.