I was talking with a Cambridge University student recently, in particular about their University Card. It’s a very useful card, that in one way can be described very simply. As far as I understand, the card lets students, academics and staff across the university access rooms and services, by proving their identity electronically.
That’s something that’s easy to say but much harder to make happen. In the rest of this article, I will just scratch the surface of how much detail is hidden behind that one sentence above. I’ll get into some specifics, but as a way to illustrate more general points.
I could write the key sentence above on a postcard, and comfortably hold it with one finger and my thumb. Even if I stopped short of any code or physical devices, by the time all the detail behind the sentence had been unearthed, it would take pages and pages of typed text and diagrams. It would involve countless meetings and emails, persuading people, asking them questions, reviewing and discussing documents and so on. All of that is hidden behind one short sentence that, on one level at least, is easy to understand.
A complicated starting point
Before I get into the digging, I ought to explain a little bit of context. The most important is that Cambridge is a collegiate university, some parts of which are very old indeed. This has many implications and details, but I’ll try to limit this to just the basics.
Two quick implications first. Like many universities, some of the research is potentially dangerous, such as into contagious diseases or explosives, or involving very high voltages. Also, many of its assets are old and precious. This is things like very valuable old books, and gorgeous buildings such as King’s College Chapel. I’ll come back to these later rather than going into them further now.
The main complication is the collegiate part. To be a student you need to be a member of a college and also a member of a department. The college provides things like a room for you to live in (at least for your first year), a canteen, library and laundrette, clubs and societies you can join and a student union. The college organises supervisors (called tutors in most other universities) for you, provides pastoral care and other good things like that.
There is a great variety between colleges, and also a rivalry between them in things like sport and academic success. Some are big (like Trinity) and others are small (like Trinity Hall). Some are wealthy, others relatively poor; Peterhouse is over 700 years old, while Robinson is less than 50 years old. They manage their own affairs – they are certainly a bigger deal than the different halls of residence in other universities.
The university departments are where the research and lectures happen, and departments also have things like their own libraries.
Finally, there are things at the university level, such as a very big library, a centralised admissions process for students, further clubs and societies, and another student union. When you receive a degree, it’s issued by the university rather than by your college or department.
So, there are lots of people who are used to being in charge of things, and getting them to co-operate can be non-trivial.
You might think that this is an exception, and so not a useful general point. However, I had a very small part in the UK domestic smart meter design process, and the UK energy market makes the organisation chart of Cambridge University look simple and sensible. There are five different kinds of organisation involved in getting electricity into a home in the UK, even though you pay only one of them (your supplier) directly. It made the design of the smart meters possibly the most complicated (and hence expensive) in the world.
Sometimes it seems that an IT project needs a business transformation project to go ahead of it, simplifying the organisation first so that the IT change is easier to make. It’s like when someone asks for directions to somewhere and gets the answer: Well, I wouldn’t start from here. There are other examples from my career I could mention – the smart meter project wasn’t the only example of “well, I wouldn’t start from here”.
Scope of features
I think that a good place to start with the project rather than its context is its benefits and scope, both at the highest level.
An important, but possibly not immediately obvious, feature is the one-ring-to-rule-them-all part. There is nothing stopping departments and colleges from rolling their own ID cards, so that a student might end up with:
- A card to get into their department
- A card to get into their college
- A card to borrow books from their department library
- A card to borrow books from their college library
- A card to pay for food on account in the college canteen.
As far as the user experience and supporting technology are concerned, when focussed in as much as possible, this is no different from a universal card. The student waves a card near a reader, and something good happens. The benefit from a universal card is that the student has only one card.
Each time there’s an exception or asterisk, such that the student needs an extra card or key because the universal card doesn’t apply here, the benefit of the universal card is weakened. This has implications for the design stage of the project and its roll-out. It might be better to have a wide-but-shallow scope rather than a narrow-but-deep one.
By that I mean the project only does a few things, but can do those in many circumstances, rather than doing many things but only in a few circumstances. As the circumstances correspond to the different colleges and departments, each college or department might not feel it’s getting much out of the project for the effort they’re putting in, and so the global benefits would need to be communicated well.
So, in the case of libraries and canteens, the card could be linked to some kind of central account that keeps track of which books you have borrowed, how much debt or credit you have etc. However, this would be a university-level account, and students have historically paid bills to their college (who then passes on money to the university behind the scenes as necessary). It would make the system more wide-but-shallow if each college kept its own canteen and library systems (with the payment and other infrastructure that went with them), and just used the card as a way of identifying someone to those systems.
Administration of users
When a new student joins the university, at some point they will need to be issued with their card. There are some questions to answer about this, even though it might seem simple.
Is there a universal student id, that is the only id for the student anywhere in the university? Or does the card have its own id and point to a college student id and a department student id? If there’s a universal student id, who creates them and when, and how are they communicated to all the people who need to know by the time they need it?
Given the large number of students, and how quickly the student population changes, it’s probably worth some help and structure around the administration of users. For instance, instead of saying user X can access doors A-C, but user Y can access doors A-Q etc, it might be easier to say user X is in group 1 (for instance, undergraduates at a particular college), and everyone in group 1 can access doors A-C, but user Y is in group 2 (for instance, academics at a particular college) and everyone in group 2 can access doors A-Q. This introduces a bit of extra looking up, but reduces the volume of data that needs to be set up and changed.
It would make sense if decision making were pushed to as low a level as possible, to stop there being a bottleneck who has to make all the decisions. If things were pushed all the way down it would mean there would be an administrator in a college saying:
- Student X is in group C1 (e.g. undergraduate students at the college)
- Group C1 has access to doors A-C
While there would also be an administrator in a department saying:
- Student X (the same student) is in group D1 (e.g. undergraduate students at the department)
- Group D1 has access to doors P-X
What’s to stop a college administrator accidentally adding or removing a student from a department group and vice versa? What’s to stop a college administrator from saying that members of a group can access a door in a particular department?
It seems that groups and doors need an owner, and only the owner can add people or doors to a group or remove people or doors from it. Even the permission system at a high level is more complicated than might be obvious at the start.
Reviewing with different kinds of user
This brings me onto another aspect that might not be obvious from the one sentence summary: how many different kinds of people this will affect. It would make sense that anything designed and decided centrally is checked by the relevant people. Otherwise, something might be imposed that does more than is needed, doesn’t do all that is needed, or is so unpleasant to use that it’s abandoned.
Beyond the card holders, the different kinds of user I can think of off the top of my head are:
- College and department admins (create new people, retire people, change who can access what)
- College and department maintenance people (install / repair / replace / remove readers)
- College, department and central librarians
- College canteen management and finance staff
- Central university admissions
- Central IT service
- College and department IT service
There are far more cats to herd than might be apparent to start with. This takes people with good organisation and people skills, on top of the people who can design and implement things.
So far, I’ve been neglecting the physical side of things – the cards and readers. The readers need to be reliable, secure, quick to respond, cope with cold/hot/wet weather, and be compatible with Grade 1 listed buildings such as King’s College chapel. While doing all this, they also can’t be too expensive because there are going to be a lot of them.
When a new reader is commissioned, this will probably need a special device or special software / account on a laptop as the readers don’t have a screen. Who gives out the devices / software / accounts? Given all the permission-related detail I’ve already touched on, if a reader has broken and is being replaced, it would make life easier if the new reader could inherit all the permissions related to the old one. This is a different use case to installing a reader for the first time, e.g. on a new building.
Does each reader know everything, or are they dumb and have to phone home for each request? A reader that knows everything will probably be more expensive than a dumb one, but a dumb one needs a more reliable and hence expensive network behind it. There could be a middle ground where a reader can cache N cards seen in e.g. the last week that were authorised OK. This reduces the load on the network as the reader gets to know people a bit, but it lets people access the room or service for up to a week after they’ve been shut out, unless you can empty caches remotely.
How do they fail e.g. in a power cut, fire or network outage? (See the question of dumb vs. smart readers above.) Do they have a battery? How long will it last? How will emergency services, e.g. fire fighters, get in when they have to? Will they need a card with god-like permission? Is there a physical override?
Again, the reader is more complicated than might first appear.
Having said that the benefit of the card depends on how universal it is, we need to consider things that might be an exception.
Should the card unlock student’s rooms? If it doesn’t, then the student would need a physical key for their room and their card for everything else. If it does, then the number of readers necessary will greatly increase – there are over 10,000 undergraduates at the university. Not all of them have rooms in college, but many thousand do.
This would add to the cost and administrative burden, as unlike most other doors, each student would need to be individually linked to their room’s reader rather than going via a group. Also, there is the privacy issue to consider. Who needs to and so should have the right to know when a student goes into their room? (At least at the college the student I spoke to attends, they have a physical key for the student rooms.)
Student rooms are one special case, but not the only one. There are some libraries, or sections of libraries, that hold particularly rare or old books. These have special fire protection, restricted access etc. Is a card reader limited to only a very few people enough, or do these libraries need a special key? This question might be one for the college or department to decide, or might involve people like insurers.
A similar question, but at a greater level, arises in places like laboratories where dangerous things happen as mentioned earlier. Here there might be laws that specify what security arrangements must be in place, and so the card will need to checked against those. Will it already comply? Would the card and/or reader need to be special for just those rooms and users? Or would the whole system need to be bolstered to comply? If it’s the latter it might not be worth it, so a separate physical key or card might be a better approach.
Some bits of the university organisation chart have blurry edges in that they are joint ventures with outside organisations. This could be something like a research lab at Addenbookes Hospital involving a medical research organisation, or a nanotechnology research lab near the Cavendish lab. Do only the academics get cards, or do the outsiders too, or maybe no-one?
Real life is messy, and systems that want to interact with it need to decide how to handle this.
Having many levels and different kinds of people is useful
As I hope you can see by now, there are many kinds of work to do here. There needs to be a vision – the one sentence summary that everyone can understand. John F Kennedy summarised the Apollo project very simply: I believe that this nation should commit itself to achieving the goal, before this decade is out, of landing a man on the Moon and returning him safely to the Earth.
It is surprisingly hard to come up with a good vision (it’s much easier to come up with a bad one). This is both in terms of picking the goal, and in terms of expressing it well. Both of these take skill. It’s easy to dismiss the vision people as out of touch, arrogant, not caring about the difficult detail etc. But a good vision can organise and motivate a lot of people to action.
A vision alone isn’t good enough, as this article suggests. There need to be people who worry about details, who ask what could go wrong, who imagine who might affected and how. They can be dismissed as obstructive or negative, people paralysed by needing one last answer before they feel comfortable proceeding. But the worriers help unearth things that the vision people hadn’t thought of, and make the project go more quickly in the long run.
There also need to be people who coordinate the moving parts, who persuade and keep track. They produce neither the vision nor the details, so it’s easy to overlook their contribution. They can be seen as overhead, but glue work is often valuable, and without it things fall apart.
If you haven’t already, I suggest that you look at something like Belbin team analysis (there are similar things based on colours). Projects need different kinds of work to be done, which fit the strengths and natural inclinations of people differently. It’s important to be open to your own limitations and how other people can be different from you but still help you.
This is already enormous and there’s much I’m leaving out. I hope that you get a sense of how big a chasm there can be between the one line summary of a project and its completion. This chasm isn’t made any smaller by adding the word ‘just’, as in “Can’t you just build a university-wide electronic ID card?”
A great many kinds of work, involving different kinds of people usually need to be done. The different kinds of user affected by the project aren’t always obvious from the start. Real life is messy, and a project often has to confront at least some mess.
Another thing to bear in mind is the end user experience. Even after all the work, by all the people, a measure of success is when users don’t notice the cards and readers. The cards, readers etc. are a means to an end – getting into a room, borrowing a library book etc. If the user doesn’t even remember that they used their card to do this, then that’s success. It should just work, all the time. Aiming for ‘delighting the user’ is silly in this situation – success is zero irritation (and zero delight).