Thinking About Credentials

Although usage of the word is subtly different in the US from the UK, where we tend to apply it to qualifications, it has the same ultimate meaning. Adena Schutzberg thinks we’ll be hearing a lot more of the word this year for single sign-on services.

At the end of 2016, Geoff Nunberg, who covers language for one of my favourite radio shows, chose “normal” as his word of the year. He noted that the term’s widespread use last year was “a sign that we’re living in extraordinary times.” My word for 2016 is “credential.” When I joined Esri last July I was given credentials to access company data and services. Later in the year, when I started swimming at the city pool, I found myself using a credential, my driver’s licence, to gain access at a discounted rate. These days I spend a great deal of my working hours creating, managing, and pondering other people’s credentials. In particular, I work to make sense of, create, explain and send out new credentials to Esri’s Massive Open Online Course (MOOC) students.

What is a Credential?

One thing I’ve learned is that the term credential, as used in IT, is new to many students. I like this concise definition: credentials refer to information used to control access to resources. If you are reading this column, you are likely to have credentials to access GIS data and services on local, distant, and cloud-hosted platforms. And, you probably have credentials for websites and online services you use outside of work. I have credentials to access my grocery store’s online loyalty programme and credentials to access my gym’s reservation system to claim a bike for spin class.

Identity

These credentials are becoming more important as software systems demand identity-based access. Salesforce, SharePoint, and SAP use the idea of an identity (a set of named user credentials) to provide access to the appropriate content to the appropriate individual. Esri is doing that, too.

Single Sign-on

Esri, like many companies, uses an identity management tool that provides single sign on (SSO). That means that one set of credentials provides access to a laundry list of services. While SSO is a great idea, it can be hard to get every resource and service under one umbrella. A friend who works at a major Internet-focused company jokes that he has seven SSOs! The good news is that standards are maturing in the SSO space, so there is hope that SSO may really mean SSO in time.

Students and Credentials

It’s not uncommon for an online course, either one offered for college credit or one that’s less formal like a MOOC, to require credentials for two or more services. I took an EdX course that required both access to the EdX platform, a learning management system (LMS) and a second platform where students could publish their assignment on the Web. For Esri’s MOOC offerings we do something similar: students need credentials for both the LMS and the Web GIS platform. Having been a MOOC student myself, and having watched many thousands of students in MOOCs in the recent months, I’ve tuned in to how difficult it can be to keep track of these two sets of credentials. It does not matter that students need to track “just” two more sets than usual, or that the credentials are needed for only a few weeks.

Securing Credentials

While exploring credential management for MOOC students I found a list of “Do’s and Don’ts” for passwords. Brian Krebs, of Krebs on Security wrote, “My views on the advisability of keeping a written list of your passwords have evolved over time. I tend to agree with noted security expert Bruce Schneier, when he advises users not to worry about writing down passwords. Just make sure you don’t store the information in plain sight. . .” The more I thought about that statement, the more confident I was that “writing credentials down” was at least part of the solution to preventing my students’ credential trouble.

What’s Ahead?

I suspect that before GIS practitioners have fewer credentials, we’ll have more of them. And, like the MOOC students, we’ll need to think through credential management, both for our work and personal lives. Perhaps “credentials” or even “identity” will be your word of the year for 2017.

This article was published in GIS Professional February 2017