FW: 08.12.09: OMobile learning; handheld learning?’ What do we mean?

Phil
:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:
Phil Redman
Schools ICT Strategy Manager
Inclusion & = Standards=20 Division
Children & Young People's Service=20 (CYPS)
<<http://lambeth.lgfl.net/>>
(020 792) 69855
07931 787=20 441
:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:
Making a=20 difference

One of our schools is interested in signing up with Mathletics but is= =20 troubled about the issue of providing children's names and details to a thi= rd=20 party. I have visited the web site ( http://www.mathletics.co.uk/) and their p= rivacy=20 policy is certainly clear but some further references would be helpful..

It would help reassure her if I could put her in contact with some pri= mary=20 schools who use Mathlectics and can provide a suitable reference for = the=20 site. There is one school at Nottingham which she is following up. However = if=20 anyone out there in ether land can provide more detail about this sit= e, it=20 would be appreciated.

Andrew=20 Ferrier

ICT Schools Manager=20

ICT Mark Assessor (URN 0605026)

Bromley EDC
Church Lane Princes=20 Plain

Bromley BR2 8LD

http://ictbromley.ethink.org.uk= =20

Phn 0208 461 6224

Mobile:=20 07876356532

imus ad m= agum ozi=20 videndum, magum ozi mirum mirissimum

---- London Borough of Bromley E-Mail Discla= imer=20 ----

"For information about Bromley Council visit our web site=20 www.bromley.gov.uk"

"The information contained in this message (incl= uding=20 any attachments) is confidential in that it is intended solely for the use = of=20 the recipient, the use of the information by disclosure, copying or distrib= ution=20 is prohibited and may be unlawful."

---- End of Disclaimer=20 ----

Disclaimers apply for= full details see http://www.lambeth.gov.uk/EmailDisclaimer.htm
<= /BODY> ------_=_NextPart_001_01CA72A6.3FFDFE77-- From Shirley.Hackett@dudley.gov.uk Tue Dec 1 19:44:25 2009 From: Shirley.Hackett@dudley.gov.uk (Shirley Hackett) Date: Tue, 1 Dec 2009 19:44:25 -0000 Subject: [Advisory] Mathletics- experiences from other schools References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> Message-ID: <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> This is a multi-part message in MIME format. ------_=_NextPart_001_01CA72BE.B0153314 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Phil I think the suggestion of sending in a file from MIS with pupil info is really quite dangerous without a data processing agreement being in place and there being a secure site for the information to be held in =20 =20 Shirley Hackett Education Improvement Adviser - ICT DGfL - Ashleigh House Ednam Rd=20 Dudley DY1 1HL Phone 01384 814270 Fax 01384 814271 Mobile 07900161425 Please think of the environment and only print this email if necessary From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Redman,Phil Sent: 01 December 2009 16:49 To: Ferrier, Andrew; advisory@talk.naace.org Subject: RE: [Advisory] Mathletics- experiences from other schools =20 Hi =20 It is not necessary to send pupils names etc., to Mathletics. You can set up your own school roll within the admin part of the program. Sending in a spreadsheet extracted from your MIS software just makes the whole process a lot quicker and easier. =20 Hope this helps. =20 Regards =20 Phil :-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-: Phil Redman Schools ICT Strategy Manager=20 Inclusion & Standards Division Children & Young People's Service (CYPS) <> (020 792) 69855 07931 787 441 :-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:=20 Making a difference=20 =20 =20 _____ =20 From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Ferrier, Andrew Sent: 01 December 2009 12:22 To: 'advisory@talk.naace.org' Subject: [Advisory] Mathletics- experiences from other schools =20 One of our schools is interested in signing up with Mathletics but is troubled about the issue of providing children's names and details to a third party. I have visited the web site ( http://www.mathletics.co.uk/) and their privacy policy is certainly clear but some further references would be helpful.. =20 It would help reassure her if I could put her in contact with some primary schools who use Mathlectics and can provide a suitable reference for the site. There is one school at Nottingham which she is following up. However if anyone out there in ether land can provide more detail about this site, it would be appreciated. =20 Andrew Ferrier ICT Schools Manager=20 ICT Mark Assessor (URN 0605026) Bromley EDC Church Lane Princes Plain Bromley BR2 8LD http://ictbromley.ethink.org.uk =20 =20 Phn 0208 461 6224 Mobile: 07876356532 =20 imus ad magum ozi videndum, magum ozi mirum mirissimum =20 =20 ---- London Borough of Bromley E-Mail Disclaimer ---- "For information about Bromley Council visit our web site www.bromley.gov.uk" "The information contained in this message (including any attachments) is confidential in that it is intended solely for the use of the recipient, the use of the information by disclosure, copying or distribution is prohibited and may be unlawful." ---- End of Disclaimer ---- Disclaimers apply for full details see http://www.lambeth.gov.uk/EmailDisclaimer.htm This Email and any attachments contains confidential=20 information and is intended solely for the individual to whom=20 it is addressed. If this Email has been misdirected, please=20 notify the author as soon as possible. If you are not the=20 intended recipient you must not disclose, distribute, copy,=20 print or rely on any of the information contained, and all=20 copies must be deleted immediately.Whilst we take reasonable=20 steps to try to identify any software viruses, any attachments=20 to this e-mail may nevertheless contain viruses which our anti- virus software has failed to identify. You should therefore=20 carry out your own anti-virus checks before opening any=20 documents.Dudley Metropolitan Borough Council will not accept=20 any liability for damage caused by computer viruses emanating=20 from any attachment or other document supplied with this e-mail. Please consider the environment - do you need to print this e-mail? ------_=_NextPart_001_01CA72BE.B0153314 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Phil

I think the suggestion of sending in a file from MIS with pupil info is rea= lly quite dangerous without a data processing agreement being in place and th= ere being a secure site for the information to be held in

Shirley Hackett

Education Improvement Adviser - ICT=

DGfL - Ashleigh House
Ednam Rd

Dudley DY1 1HL

Phone 01384 814270

Fax      01384 814271

Mobile 07900161425

Please think of the environment and only print this email if necessary

From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Redman,Phil Sent: 01 December 2009 16:49
To: Ferrier, Andrew; advisory@talk.naace.org
Subject: RE: [Advisory] Mathletics- experiences from other schools=

Hi

It is not necessary to send pupils names etc., to Mathletics. You can set up= your own school roll within the admin part of the program. Sending in a spread= sheet extracted from your MIS software just makes the whole process a lot quick= er and easier.

Hope this helps.

Regards

Phil
:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:
Phil Redman
Schools ICT Strategy Manager
Inclusion & Standards Division
Children & Young People's Service (CYPS)
<<http://lambeth.lgfl.net/>>
(020 792) 69855
07931 787 441
:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:
Making a difference

From:= advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] O= n Behalf Of Ferrier, Andrew
Sent: 01 December 2009 12:22
To: 'advisory@talk.naace.org'
Subject: [Advisory] Mathletics- experiences from other schools

&nb= sp;

One= of our schools is interested in signing up with Mathletics but is troubled about= the issue of providing children's names and details to a third party. I have visited the web site ( http://ww= w.mathletics.co.uk/) and their privacy policy is certainly clear but some further references w= ould be helpful..

&nb= sp;

It = would help reassure her if I could put her in contact with some primary schools who = use Mathlectics and can provide a suitable reference for the site. Ther= e is one school at Nottingham which she is following up. However if anyone out= there in ether land can provide more detail about this site, it would be appreciated.

&nb= sp;

Andrew Ferrier

ICT Schools Manager

ICT Mark Assessor (URN 0605026)

Bromley EDC

Church Lane Princes Plain

Bromley BR2 8LD<= /o:p>

http://ictbromley.ethink.org.= uk

&nb= sp;

Phn 0208 461 6224=

Mobile: 07876356532

&nb= sp;

imus ad magum ozi videndum, magum ozi mirum mirissimum<= /i>

&nb= sp;

&nb= sp;

----= London Borough of Bromley E-Mail Disclaimer ----

"For information about Bromley Council visit our web site www.bromley.gov.uk"

"The information contained in this message (including any attachment= s) is confidential in that it is intended solely for the use of the recipient, = the use of the information by disclosure, copying or distribution is prohibit= ed and may be unlawful."

---- End of Disclaimer ----

Discl= aimers apply for full details see http://www.lambeth.gov.uk/EmailDisclaimer.htm<= /span>

This Email and any attachments contains confidential=20 information and is intended solely for the individual to whom=20 it is addressed. If this Email has been misdirected, please=20 notify the author as soon as possible. If you are not the=20 intended recipient you must not disclose, distribute, copy,=20 print or rely on any of the information contained, and all=20 copies must be deleted immediately.Whilst we take reasonable=20 steps to try to identify any software viruses, any attachments=20 to this e-mail may nevertheless contain viruses which our anti- virus software has failed to identify. You should therefore=20 carry out your own anti-virus checks before opening any=20 documents.Dudley Metropolitan Borough Council will not accept=20 any liability for damage caused by computer viruses emanating=20 from any attachment or other document supplied with this e-mail.

Please consider the environment - do you need to print this e-mail? ------_=_NextPart_001_01CA72BE.B0153314-- From mike@new-media-learning.org Wed Dec 2 07:56:34 2009 From: mike@new-media-learning.org (Mike Bostock) Date: Wed, 2 Dec 2009 07:56:34 -0000 Subject: [Advisory] Sending pupil-level data outside of the school In-Reply-To: <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> Message-ID: <000d01ca7324$f8346280$e89d2780$@org> This is a multi-part message in MIME format. ------=_NextPart_000_000E_01CA7324.F8346280 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit This issue is an important one to get right. If a school asks if it is safe to send pupil level data off to some company or organisation, I am not sure what the authoritative answer would be. It is a good one for Naace members to be certain of. Becta has a useful page at : http://schools.becta.org.uk/index.php?catcode=ss_lv_saf_dp_03 &rid=14734§ion=lv There is a useful 'Dos and Don'ts' document which talks about using encryption amongst other things. I would like to see some advice on how a school ensures how that data is used once it gets to whoever it is intended for. I would expect privacy policies, Data Protection Act and CRB checks to be mentioned - but I haven't yet discovered a good source of reference. Can anyone throw some light on whether there is a (short) statement that would represent a good practical answer to the original question? Mike Bostock From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Shirley Hackett Sent: 01 December 2009 19:44 To: Redman,Phil; Ferrier, Andrew; advisory@talk.naace.org Subject: RE: [Advisory] Mathletics- experiences from other schools Phil I think the suggestion of sending in a file from MIS with pupil info is really quite dangerous without a data processing agreement being in place and there being a secure site for the information to be held in Shirley Hackett Education Improvement Adviser - ICT DGfL - Ashleigh House Ednam Rd Dudley DY1 1HL Phone 01384 814270 Fax 01384 814271 Mobile 07900161425 Please think of the environment and only print this email if necessary From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Redman,Phil Sent: 01 December 2009 16:49 To: Ferrier, Andrew; advisory@talk.naace.org Subject: RE: [Advisory] Mathletics- experiences from other schools Hi It is not necessary to send pupils names etc., to Mathletics. You can set up your own school roll within the admin part of the program. Sending in a spreadsheet extracted from your MIS software just makes the whole process a lot quicker and easier. Hope this helps. Regards Phil :-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-: Phil Redman Schools ICT Strategy Manager Inclusion & Standards Division Children & Young People's Service (CYPS) <> (020 792) 69855 07931 787 441 :-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-: Making a difference _____ From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Ferrier, Andrew Sent: 01 December 2009 12:22 To: 'advisory@talk.naace.org' Subject: [Advisory] Mathletics- experiences from other schools One of our schools is interested in signing up with Mathletics but is troubled about the issue of providing children's names and details to a third party. I have visited the web site ( http://www.mathletics.co.uk/) and their privacy policy is certainly clear but some further references would be helpful.. It would help reassure her if I could put her in contact with some primary schools who use Mathlectics and can provide a suitable reference for the site. There is one school at Nottingham which she is following up. However if anyone out there in ether land can provide more detail about this site, it would be appreciated. Andrew Ferrier ICT Schools Manager ICT Mark Assessor (URN 0605026) Bromley EDC Church Lane Princes Plain Bromley BR2 8LD http://ictbromley.ethink.org.uk Phn 0208 461 6224 Mobile: 07876356532 imus ad magum ozi videndum, magum ozi mirum mirissimum ---- London Borough of Bromley E-Mail Disclaimer ---- "For information about Bromley Council visit our web site www.bromley.gov.uk" "The information contained in this message (including any attachments) is confidential in that it is intended solely for the use of the recipient, the use of the information by disclosure, copying or distribution is prohibited and may be unlawful." ---- End of Disclaimer ---- Disclaimers apply for full details see http://www.lambeth.gov.uk/EmailDisclaimer.htm This Email and any attachments contains confidential information and is intended solely for the individual to whom it is addressed. If this Email has been misdirected, please notify the author as soon as possible. If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained, and all copies must be deleted immediately.Whilst we take reasonable steps to try to identify any software viruses, any attachments to this e-mail may nevertheless contain viruses which our anti- virus software has failed to identify. You should therefore carry out your own anti-virus checks before opening any documents.Dudley Metropolitan Borough Council will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this e-mail. Please consider the environment - do you need to print this e-mail? ------=_NextPart_000_000E_01CA7324.F8346280 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

This issue is an important one to get right.
If a school asks if it is safe to send pupil level data off to some = company or organisation, I am not sure what the authoritative answer would be.
It is a good one for Naace members to be certain of.

Becta has a useful page at :

http://schools.becta.org.uk/index.php?ca= tcode=3Dss_lv_saf_dp_03&rid=3D14734&section=3Dlv

There is a useful ‘Dos and Don’ts’ document which = talks about using encryption amongst other things.

I would like to see some advice on how a school ensures = how that data is used once it gets to whoever it is intended for. I would = expect privacy policies, Data Protection Act and CRB checks to be mentioned = - but I haven’t yet discovered a good source of reference.

Can anyone throw some light on whether there is a (short) statement that = would represent a good practical answer to the original question?

Mike Bostock

From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Shirley = Hackett
Sent: 01 December 2009 19:44
To: Redman,Phil; Ferrier, Andrew; advisory@talk.naace.org
Subject: RE: [Advisory] Mathletics- experiences from other = schools

Phil<= /span>

I think the suggestion of sending in a file from MIS with pupil info is = really quite dangerous without a data processing agreement being in place and = there being a secure site for the information to be held = in

Shirley Hackett

Education Improvement Adviser - ICT

DGfL - Ashleigh House

Ednam Rd

Dudley DY1 1HL

Phone 01384 814270

Fax  &= nbsp;   01384 814271

Mobile 07900161425

Please think of the environment and only print this email if = necessary

From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of = Redman,Phil
Sent: 01 December 2009 16:49
To: Ferrier, Andrew; advisory@talk.naace.org
Subject: RE: [Advisory] Mathletics- experiences from other = schools

Hi

It is not necessary to send pupils names etc., to Mathletics. You can set = up your own school roll within the admin part of the program. Sending in a = spreadsheet extracted from your MIS software just makes the whole process a lot = quicker and easier.

Hope this helps.

Regards

Phil
= :-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:
Phil Redman
= Schools ICT Strategy Manager
= Inclusion & Standards Division
Children & Young People's Service (CYPS)
<<http://lambeth.lgfl.net/>>
(020 792) 69855
07931 787 441
:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:
Making a = difference

From:= advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] = On Behalf Of Ferrier, Andrew
Sent: 01 December 2009 12:22
To: 'advisory@talk.naace.org'
Subject: [Advisory] Mathletics- experiences from other = schools

One of our schools is interested in signing up with Mathletics but is troubled = about the issue of providing children's names and details to a third party. I have = visited the web site ( http://www.mathletics.co.uk/) and their privacy policy is certainly clear but some further references = would be helpful..

It = would help reassure her if I could put her in contact with some primary schools who = use Mathlectics and can provide a suitable reference for the site. = There is one school at Nottingham which she is following up. However if anyone = out there in ether land can provide more detail about this site, it would be = appreciated.

Andrew Ferrier

ICT Schools Manager

ICT Mark Assessor (URN 0605026)

Bromley EDC

Church Lane Princes Plain

Bromley BR2 8LD

http://ictbromley.ethink.org.= uk

Phn 0208 461 6224

Mobile: 07876356532

imus ad magum ozi videndum, magum ozi mirum = mirissimum

---- London Borough of Bromley E-Mail Disclaimer ----

"For information about Bromley Council visit our web site www.bromley.gov.uk"

"The information contained in this message (including any = attachments) is confidential in that it is intended solely for the use of the recipient, = the use of the information by disclosure, copying or distribution is = prohibited and may be unlawful."

---- End of Disclaimer ----

Disclaimers apply for full details see = http://www.lambeth.gov.uk/EmailDisclaimer.htm

This Email and any attachments contains confidential information and is intended solely for the individual to whom it is addressed. If this = Email has been misdirected, please notify the author as soon as possible. If you = are not the intended recipient you must not disclose, distribute, copy, print or = rely on any of the information contained, and all copies must be deleted immediately.Whilst we take reasonable steps to try to identify any = software viruses, any attachments to this e-mail may nevertheless contain viruses = which our anti- virus software has failed to identify. You should therefore = carry out your own anti-virus checks before opening any documents.Dudley = Metropolitan Borough Council will not accept any liability for damage caused by = computer viruses emanating from any attachment or other document supplied with = this e-mail.

Please consider the environment - do you need to print this = e-mail?

------=_NextPart_000_000E_01CA7324.F8346280-- From mberry@bcs.org Wed Dec 2 08:18:53 2009 From: mberry@bcs.org (Miles Berry) Date: Wed, 2 Dec 2009 08:18:53 +0000 Subject: [Advisory] Sending pupil-level data outside of the school In-Reply-To: <000d01ca7324$f8346280$e89d2780$@org> References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> <000d01ca7324$f8346280$e89d2780$@org> Message-ID: <5946b8ad0912020018h316ea9bbke3490952136c4d69@mail.gmail.com> I'm a big fan of Google Apps for schools, and I could imagine others having a similar enthusiasm for live@edu, but have a nagging concern about using cloud based services to store pupil level data; I have a passing acquaintance with safe harbour agreements, and know Google are registered as part of the programme, but wonder if this is enough to set my mind at ease. Best wishes, Miles. 2009/12/2 Mike Bostock : > This issue is an important one to get right. > If a school asks if it is safe to send pupil level data off to some company > or organisation, I am not sure what the authoritative answer would be. > It is a good one for Naace members to be certain of. > > Becta has a useful page at : > > http://schools.becta.org.uk/index.php?catcode=ss_lv_saf_dp_03&rid=14734§ion=lv > > There is a useful �Dos and Don�ts� document which talks about using > encryption amongst other things. > > I would like to see some advice on how a school ensures how that data is > used once it gets to whoever it is intended for.� I would expect privacy > policies, Data Protection Act and CRB checks to be mentioned �- but I > haven�t yet discovered a good source of reference. > > Can anyone throw some light on whether there is a (short) statement that > would represent a good practical answer to the original question? > > Mike Bostock > ... -- Miles Berry Senior Lecturer, ICT | Roehampton University | roehampton.ac.uk | 0208 392 3241 Community Manager | Open Source Schools | opensourceschools.org.uk | 07779 628656 Blogger | milesberry.net Twit | twitter.com/mberry From mberry@bcs.org Wed Dec 2 08:37:21 2009 From: mberry@bcs.org (Miles Berry) Date: Wed, 2 Dec 2009 08:37:21 +0000 Subject: [Advisory] Computing at School newsletter Message-ID: <5946b8ad0912020037l4d6907a7t5fa6e5c1014fb7e1@mail.gmail.com> Naace members may be interested in reading the first newsletter from the Computing at School group, just published at http://www.computingatschool.org.uk/files/newsletter/SwitchedOnIssue01.pdf Share and enjoy. Miles. -- Miles Berry Senior Lecturer, ICT | Roehampton University | roehampton.ac.uk | 0208 392 3241 Community Manager | Open Source Schools | opensourceschools.org.uk Blogger | milesberry.net Twit | twitter.com/mberry From crispin.weston@alphalearning.co.uk Wed Dec 2 08:39:02 2009 From: crispin.weston@alphalearning.co.uk (Crispin Weston) Date: Wed, 2 Dec 2009 08:39:02 -0000 Subject: [Advisory] Sending pupil-level data outside of the school In-Reply-To: <5946b8ad0912020018h316ea9bbke3490952136c4d69@mail.gmail.com> References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> <000d01ca7324$f8346280$e89d2780$@org> <5946b8ad0912020018h316ea9bbke3490952136c4d69@mail.gmail.com> Message-ID: I agree with Miles. We have been having a similar discussion within SALTIS re. VLE-to-learning-service interoperability, as part of the BECTA/ISB content packaging profile discussions. The position being taken by the requirements for this project is that there should be a Chinese wall around the school platform (including MIS and VLE) outside which student identity should not go. The VLE should therefore send to third-party content services a unique but anonymous identifier for a student, as well as a term of address (and in future, perhaps other key data for licensing purposes, such as school membership, and for profiling purposes such as competency, preference and accessibility data). So the content service would know that this was "Fred" with an ID of "{25892e17-80f6-415f-9c65-7395632f0223}" who was the *same* Fred that did some work last Friday - but nothing more. I anticipate that the profile work will be backed by guidelines which would make clear that, to preserve the anonymity of the identifier, compliant content services should not solicit personal details from students. I think the business of tracking "trusted" third-party services would be bureaucratic nightmare, which would erect unnecessary barriers in the way of new entrants to the market. Crispin. > -----Original Message----- > From: advisory-admin@talk.naace.org [mailto:advisory- > admin@talk.naace.org] On Behalf Of Miles Berry > Sent: 02 December 2009 08:19 > To: advisory@talk.naace.org > Subject: Re: [Advisory] Sending pupil-level data outside of the > school > > I'm a big fan of Google Apps for schools, and I could imagine others > having a similar enthusiasm for live@edu, but have a nagging concern > about using cloud based services to store pupil level data; I have a > passing acquaintance with safe harbour agreements, and know Google > are > registered as part of the programme, but wonder if this is enough to > set my mind at ease. > > Best wishes, > Miles. > > 2009/12/2 Mike Bostock : > > This issue is an important one to get right. > > If a school asks if it is safe to send pupil level data off to > some company > > or organisation, I am not sure what the authoritative answer would > be. > > It is a good one for Naace members to be certain of. > > > > Becta has a useful page at : > > > > > http://schools.becta.org.uk/index.php?catcode=ss_lv_saf_dp_03&rid=14 > 734§ion=lv > > > > There is a useful �Dos and Don�ts� document which talks about > using > > encryption amongst other things. > > > > I would like to see some advice on how a school ensures how that > data is > > used once it gets to whoever it is intended for.� I would expect > privacy > > policies, Data Protection Act and CRB checks to be mentioned �- > but I > > haven�t yet discovered a good source of reference. > > > > Can anyone throw some light on whether there is a (short) > statement that > > would represent a good practical answer to the original question? > > > > Mike Bostock > > > ... > > > > -- > Miles Berry > Senior Lecturer, ICT | Roehampton University | roehampton.ac.uk | > 0208 392 3241 > Community Manager | Open Source Schools | opensourceschools.org.uk | > 07779 628656 > Blogger | milesberry.net > Twit | twitter.com/mberry > > _______________________________________________ > Advisory mailing list Advisory@talk.naace.org > http://talk.naace.org/mm/listinfo/advisory > To unsubscribe send a message to Advisory-admin@talk.naace.org with > the body text: > > unsubscribe Advisory YourEmailAddress > > or: send a message to Advisory-request@talk.naace.org > with the body text: > > unsubscribe YourPassword YourEmailAddress From p.browning@slcs.ac.uk Wed Dec 2 09:01:45 2009 From: p.browning@slcs.ac.uk (Paul Browning) Date: Wed, 02 Dec 2009 09:01:45 +0000 Subject: [Advisory] Sending pupil-level data outside of the school In-Reply-To: References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> <000d01ca7324$f8346280$e89d2780$@org> <5946b8ad0912020018h316ea9bbke3490952136c4d69@mail.gmail.com> Message-ID: <4B162CF9.9050301@slcs.ac.uk> Crispin Weston wrote: > I think the business of tracking "trusted" third-party services would be > bureaucratic nightmare, which would erect unnecessary barriers in the way of > new entrants to the market. Is this not where the UKAMF comes in? http://www.ukfederation.org.uk/ Paul -- Paul Browning ICT Director National Science Learning Centre Tel 01904 328300 Providing innovative and inspiring professional development for science teachers, lecturers and support staff from around the UK http://www.slcs.ac.uk/national -------------------------------------- Myscience.co Limited, Trading as the National Science Learning Centre. Company registered in England and Wales, Company Number 05081097. Registered Office: National Science Learning Centre, University of York, Heslington, York, North Yorkshire Y010 5DD. From mkendall@embc.org.uk Wed Dec 2 09:50:12 2009 From: mkendall@embc.org.uk (Mike Kendall) Date: Wed, 2 Dec 2009 09:50:12 +0000 Subject: [Advisory] Sending pupil-level data outside of the school In-Reply-To: <4B162CF9.9050301@slcs.ac.uk> References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> <000d01ca7324$f8346280$e89d2780$@org> <5946b8ad0912020018h316ea9bbke3490952136c4d69@mail.gmail.com> <4B162CF9.9050301@slcs.ac.uk> Message-ID: <47F72C87390F16439038F821453FAA1E3B84E61432@EMBC-TBC-VEM-02.resource.EMBC.Local> There has been considerable investment by LAs, RBCs and suppliers to establish the trust relationships between identity providers and content providers, although for many people the work has not been visible or understood. The implementation of Shibboleth lead by UKAMF has been and continues to be a priority area for investment through the Harnessing Technology grant. The UK Federation is currently revising its strategy and delivery as the demand and expectation for such identity assurance and trust schemes continues to grow. The demand for such assurance schemes through federations moves across sectors, it is not just for education including schools and is increasingly international. The schools sector part of UKAMF is funded by Becta. The UKAMF policy board and working groups do have schools sector representatives - I am on the policy board as a schools sector representative. There are close working relations with the ISB to ensure joined up activity and outcomes. Mike -----Original Message----- From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Paul Browning Sent: 02 December 2009 09:02 To: advisory@talk.naace.org Subject: Re: [Advisory] Sending pupil-level data outside of the school Crispin Weston wrote: > I think the business of tracking "trusted" third-party services would be > bureaucratic nightmare, which would erect unnecessary barriers in the way of > new entrants to the market. Is this not where the UKAMF comes in? http://www.ukfederation.org.uk/ Paul -- Paul Browning ICT Director National Science Learning Centre Tel 01904 328300 Providing innovative and inspiring professional development for science teachers, lecturers and support staff from around the UK http://www.slcs.ac.uk/national -------------------------------------- Myscience.co Limited, Trading as the National Science Learning Centre. Company registered in England and Wales, Company Number 05081097. Registered Office: National Science Learning Centre, University of York, Heslington, York, North Yorkshire Y010 5DD. _______________________________________________ Advisory mailing list Advisory@talk.naace.org http://talk.naace.org/mm/listinfo/advisory To unsubscribe send a message to Advisory-admin@talk.naace.org with the body text: unsubscribe Advisory YourEmailAddress or: send a message to Advisory-request@talk.naace.org with the body text: unsubscribe YourPassword YourEmailAddress From nik.peachey@btinternet.com Wed Dec 2 13:43:26 2009 From: nik.peachey@btinternet.com (Nik Peachey) Date: Wed, 2 Dec 2009 13:43:26 +0000 (GMT) Subject: [Advisory] Platforms for creating live online webseminars Message-ID: <432679.94685.qm@web86408.mail.ird.yahoo.com> Hi All I'm investigating platforms for live webseminars and wondered if anyone had any recommendations beyond these ones.The platform would need to be able to cope with a scale of upto 100 attendees. Adobe connect DimDim Eluminate WiZiQ Instant presenter GoToWebinar Also if anyone has links to archived webseminar presentations that would be handy too. Thanks Nik Peachey | Learning Technology Consultant, Writer, Trainer Teacher Development: http://nikpeachey.blogspot.com/ News and Tips: http://quickshout.blogspot.com/ Student Activities: http://daily-english-activities.blogspot.com/ On Social media: http://bloggingandsocialmedia.blogspot.com/ On Twitter: http://twitter.com/NikPeachey From Christina Preston Wed Dec 2 14:43:51 2009 From: Christina Preston (Allison Allen) Date: Wed, 2 Dec 2009 14:43:51 +0000 Subject: [Advisory] 08.12.09: 'Mobile learning; handheld learning?' What do we mean? Message-ID: <05B61107ADE5754D95CFDABCB010BD9438A0B1C968@MAIL3.lgflmail.org> --_000_05B61107ADE5754D95CFDABCB010BD9438A0B1C968MAIL3lgflmail_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Apologies for cross-posting Colleagues, this free seminar with excellent speakers and the debate sessio= n will be of interest. See below for details. Book now before spaces run out! Best Wishes Allison Outstream, London ---....--- Naace members are welcome to join us face to face or online at our last Mi= randaMod before Xmas... 08.12.09: 'Mobile learning; handheld learning?' What do we mean? Free event with refreshments. WLE Centre, Institute of Education, University of London, 20 Bedford Way, W= C1H 0AL Nearest tube Russell Square. (http://www.wlecentre.ac.uk/) You can also participate online on Flash meeting and in developing a colla= borative map of our professional knowledge so far on each topic. Register on MirandaNet (www.mirandanet.ac.uk/mirandamods/ ) Seminar and round table: 1600 - 1800 Four speakers with contrasting viewpoints Norbert Pachler, M-Learning group (www.wlecentre.ac.uk ) Graham Brown-Martin, Handheld Learning (www.handheldlearning.2009.com ) John Traxler, Professor of Mobile Learning ( http:= //home.wlv.ac.uk/~cm1990/ ) Elizabeth Hartnell-Young, Research Fellow ( http= ://www.lsri.nottingham.ac.uk/Staff/Elizabeth_Hartnell-Young.php) Followed by the MirandaMod debate: 1800 -2100 Register here to join in the debate http://mirandamod.wikispaces.com/ Thanks to our partners: WLE Centre, Institute of Education University of London, Becta, Steljes an= d Inspiration ------ End of Forwarded Message ------ End of Forwarded Message --_000_05B61107ADE5754D95CFDABCB010BD9438A0B1C968MAIL3lgflmail_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable FW: 08.12.09: OMobile learning; handheld learning?’ What do we mean?

Apologies for cross-posting

Colleagues, this free seminar with excellent speakers and the debate session will be of interest. See below for details.

Book now before spaces run out!

Best Wishes

Allison

Outstream, London        =

---....---<= /o:p>

Naace members are wel= come to join us face to face or online at our last MirandaMod before Xmas.= ..

08.12.09: ‘Mobile learning; handheld learning?’ What do we mean?
Free event with refreshments.
WLE Centre, Institute of Education, University of London, 20 Bedford Way, W= C1H 0AL
Nearest tube Russell Square. (http://www.wlecentre.ac.uk/)

You can also participate online on Flash meeting and in developing a collaborat= ive map of our professional knowledge so far on each topic.

Register on MirandaNet (www.mirandanet.ac.uk/mirandamods/ <http://www.mirandanet.ac.= uk/mirandamods/> <http://www.= mirandanet.ac.uk/mirandamods/> ) &= nbsp;

Seminar and round table: 1600 – 1800
Four speakers with contrasting viewpoints

Norbert Pachler= , M-Learning group (www.wlecentre.ac.uk )
  Graham Brown-Martin, Handheld Learning (www.handheldlearning.2009.com )

          &nb= sp;            =   John Traxler, Professor of Mobile Learning ( http://home.wlv.ac.uk/~cm1990/ )
            &nb= sp;            =   Elizabeth Hartnell-Young, Research Fellow ( http://www.lsri.nottingham.ac.uk/Staff/Elizabeth_Hartnell-Young.php)

Followed by the

MirandaMod deb= ate: 1800 -2100

Register here to join in the debate
http://mirandamod.wikispaces.= com/ <http://mirandamod.wikispaces.com= />

Thanks to our partners:
WLE Centre, Institute of Education University of London, Becta, Steljes and Inspiration



------ End of Forwarded Message

------ End of Forwarded Message

--_000_05B61107ADE5754D95CFDABCB010BD9438A0B1C968MAIL3lgflmail_-- From Frances.Burton@ja.net Wed Dec 2 17:04:42 2009 From: Frances.Burton@ja.net (Frances Burton) Date: Wed, 2 Dec 2009 17:04:42 -0000 Subject: [Advisory] Sending pupil-level data outside of the school In-Reply-To: References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> <000d01ca7324$f8346280$e89d2780$@org> <5946b8ad0912020018h316ea9bbke3490952136c4d69@mail.gmail.com> Message-ID: <6ED388AA006C454BA35B0098396B9BFB06536942@uxsrvr20.atlas.ukerna.ac.uk> I agree with Paul here, what you describe is exactly the process a SAML profile such as Shibboleth will do to authenticate a user to access an online service. The UK Access Management Federation provides the "trust" fabric that underpins the use of the technology. I think it's important to distinguish here, though, between data you pass to authenticate a user to access a service and the data you provide to the third party that provisions the service - such as class and pupil data for remote hosted VLEs. Passing this data comes very much in the realm of the DPA and the guidance from the ICO is very clear on what can or cannot be passed inside and outside the EU as well as within those zones that have safe harbour agreements. Their guidance notes are very helpful with this http://www.ico.gov.uk/what_we_cover/data_protection.aspx The UK federation exists to facilitate and promote the privacy preserving authentication to online services and content, it is funded for the schools sector in England and is free to participate in for organisations serving the education community in the UK. Please do contact me if you would like any further info on the take up of Federated Access Management in the UK schools sector Kind regards Frances Burton Schools & FE Co-ordinator: UK federation JANET (UK) -----Original Message----- From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Crispin Weston Sent: 02 December 2009 08:39 To: 'Miles Berry'; advisory@talk.naace.org Subject: RE: [Advisory] Sending pupil-level data outside of the school I agree with Miles. We have been having a similar discussion within SALTIS re. VLE-to-learning-service interoperability, as part of the BECTA/ISB content packaging profile discussions. The position being taken by the requirements for this project is that there should be a Chinese wall around the school platform (including MIS and VLE) outside which student identity should not go. The VLE should therefore send to third-party content services a unique but anonymous identifier for a student, as well as a term of address (and in future, perhaps other key data for licensing purposes, such as school membership, and for profiling purposes such as competency, preference and accessibility data). So the content service would know that this was "Fred" with an ID of "{25892e17-80f6-415f-9c65-7395632f0223}" who was the *same* Fred that did some work last Friday - but nothing more. I anticipate that the profile work will be backed by guidelines which would make clear that, to preserve the anonymity of the identifier, compliant content services should not solicit personal details from students. I think the business of tracking "trusted" third-party services would be bureaucratic nightmare, which would erect unnecessary barriers in the way of new entrants to the market. Crispin. > -----Original Message----- > From: advisory-admin@talk.naace.org [mailto:advisory- > admin@talk.naace.org] On Behalf Of Miles Berry > Sent: 02 December 2009 08:19 > To: advisory@talk.naace.org > Subject: Re: [Advisory] Sending pupil-level data outside of the > school > > I'm a big fan of Google Apps for schools, and I could imagine others > having a similar enthusiasm for live@edu, but have a nagging concern > about using cloud based services to store pupil level data; I have a > passing acquaintance with safe harbour agreements, and know Google > are > registered as part of the programme, but wonder if this is enough to > set my mind at ease. > > Best wishes, > Miles. > > 2009/12/2 Mike Bostock : > > This issue is an important one to get right. > > If a school asks if it is safe to send pupil level data off to > some company > > or organisation, I am not sure what the authoritative answer would > be. > > It is a good one for Naace members to be certain of. > > > > Becta has a useful page at : > > > > > http://schools.becta.org.uk/index.php?catcode=ss_lv_saf_dp_03&rid=14 > 734§ion=lv > > > > There is a useful 'Dos and Don'ts' document which talks about > using > > encryption amongst other things. > > > > I would like to see some advice on how a school ensures how that > data is > > used once it gets to whoever it is intended for.� I would expect > privacy > > policies, Data Protection Act and CRB checks to be mentioned �- > but I > > haven't yet discovered a good source of reference. > > > > Can anyone throw some light on whether there is a (short) > statement that > > would represent a good practical answer to the original question? > > > > Mike Bostock > > > ... > > > > -- > Miles Berry > Senior Lecturer, ICT | Roehampton University | roehampton.ac.uk | > 0208 392 3241 > Community Manager | Open Source Schools | opensourceschools.org.uk | > 07779 628656 > Blogger | milesberry.net > Twit | twitter.com/mberry > > _______________________________________________ > Advisory mailing list Advisory@talk.naace.org > http://talk.naace.org/mm/listinfo/advisory > To unsubscribe send a message to Advisory-admin@talk.naace.org with > the body text: > > unsubscribe Advisory YourEmailAddress > > or: send a message to Advisory-request@talk.naace.org > with the body text: > > unsubscribe YourPassword YourEmailAddress _______________________________________________ Advisory mailing list Advisory@talk.naace.org http://talk.naace.org/mm/listinfo/advisory To unsubscribe send a message to Advisory-admin@talk.naace.org with the body text: unsubscribe Advisory YourEmailAddress or: send a message to Advisory-request@talk.naace.org with the body text: unsubscribe YourPassword YourEmailAddress JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG From crispin.weston@alphalearning.co.uk Thu Dec 3 08:22:49 2009 From: crispin.weston@alphalearning.co.uk (Crispin Weston) Date: Thu, 3 Dec 2009 08:22:49 -0000 Subject: [Advisory] Sending pupil-level data outside of the school In-Reply-To: <4B162CF9.9050301@slcs.ac.uk> References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> <000d01ca7324$f8346280$e89d2780$@org> <5946b8ad0912020018h316ea9bbke3490952136c4d69@mail.gmail.com> <4B162CF9.9050301@slcs.ac.uk> Message-ID: <2E4D3DEB934C44A4B753548D6E363B0C@DEVELOPMENT> > Is this not where the UKAMF comes in? > > http://www.ukfederation.org.uk/ Hi Paul, Yes and no! And apologies in advance for the essay. You have to face the fact that, five years after its initial roll-out for the schools sector, take-up of Shibboleth, particularly by commercial publishers, remains poor. Personally, I have always had my reservations about Shibboleth, believing that, at least as originally conceived, it implemented an inappropriate, HE model. It assumed that students would land on whatever resource they wanted and this resource would call back, via a "Where are you from" service, to fetch whatever personal data the service required from the identity provider. Back in I think 2004, my principle objections were (1) the clunky "Where are you from" service pretty much defeated the whole object of single sign-on, which was to make sign-on transparent. (2) at schools level, students will access resources *through* the VLE gateway. Given this model and given proper attention to VLE interoperability, the VLE can handle authorisation transparently without the unnecessary complexity of Shibboleth (diagram at http://www.saltis.org/shib.gif). (3) Shibboleth requires commercial content providers to implement special authorisation services. This may not be a great burden to larger publishers (though I understand that the technology has not always been easy to work with). But it is often prohibitive for small cottage industries which, if there is to be a healthy supply of innovative learning services, must not be excluded from the market. (4) the amount of personal data that gets thrown across the net just to support an authorisation process which does not actually need any personal data at all (a product key or school-level username/password might suffice). My understanding is that Shibboleth has moved in two significant directions since 2004: (1) to remove the WAYF by the use of "wayfless urls", the WAYF being found to be unnecessary where students, as predicted, tend to access content through the VLE (this addresses problems 1 & 2, though, if you had started with this assumption, you would not have adopted Shibboleth in the first place); and (2) to remove any personal data from the profile, ending up with an anonymous ID and an affiliation to a school (addressing point 4). As Frances I think suggests, Shibboleth is not really suited for use as a provisioning system, which would be better managed by a SIF-like system. My own view is that both these developments are moves in the right direction and open up opportunities for convergence between existing SAML/Shibboleth implementations and new content packaging technologies. Let me try and explain why I think the convergence is required. 1. Everything is moving, as stated above, in the direction of wayfless urls. Here is an example of a wayfless url: https://idp.protectnetwork.org/protectnetwork-idp/SSO?target=https%3A%2F%2Fg abriel.lse.ac.uk%2Fsimon%2Fcgi-bin%2Fprintenv.pl&shire=https%3A%2F%2Fgabriel .lse.ac.uk%2FShibboleth.sso%2FSAML%2FPOST&providerId=urn%3Amace%3Aac.uk%3Asd ss.ac.uk%3Aprovider%3Aservice%3Agabriel.lse.ac.uk This essentially combines the URL of the site being visited with all the information required to manage authentication via a particular identity provider. These wayfless URLs need therefore to be created separately for every institution and for every specific link which the institution wants to provide for its learners. The creation of wayfless URLs may be a trivial task for university computer departments, but for a small primary school, I suspect that it is a bit of a show-stopper. There is a need for content to be disaggregated, so that teachers can send their students straight to the particular piece of content that is required for a lesson or homework - this means that there need to a lot of very teacher-specific links to be created. What is needed is for content to distributed (in content packages) without any school-specific authentication and authorisation data, but with whatever data is required to enable the VLE to add automatically the learner-specific authentication and authorisation data required to access the remote site transparently. Transparent authorisation of disaggregated content is an essential prerequisite for the effective integration of content with VLEs - and Shibboleth, even after 5 years of development, does not yet provide a viable solution. 2. The publishing industry perceives that a key pedagogical requirement is to achieve data integration with the school VLE, e.g. for the storing of marks in a common markbook, the saving of state and the returning of student product for marking and sharing. This requires that third-party content calls back to an API provided by the school VLE. If content providers need, for pedagogical reasons, to implement this callback anyway, and all the student identity information is held by the school VLE anyway, why should the content providers implement two callbacks where one will do? I would ask two further questions (and they are genuine questions - there may well be good answers): 1. If it is now recognised that data being passed via Shibboleth should be restricted to anonymous data, why is the bureaucratic overhead of a trust federation required at all? There is a pressing need to encourage innovation in the market and any unnecessary barrier to entering the market should be removed. Why should I have to establish that I trust someone before I send them anonymous data? 2. If the industry can implement this functionality without all the bodging involved with the creation of wayfless urls, and all the student identity information is held in any case in school MIS/VLEs, then why do we need duplicate systems to be run at local authority level? What I expect is a convergence of SAML/Shibboleth technology and SCORM-type technologies being used for content-VLE integration. I am hoping that SALTIS will be able to set up a working group in the early summer to look at this, on the back of the outcomes of the BECTA/ISB content packaging project, and we would welcome the participation of the UKAMF and anyone else working in this space. Details of the content packaging project are at http://www.saltis.org/papers.htm. Crispin. From mkendall@embc.org.uk Thu Dec 3 08:41:43 2009 From: mkendall@embc.org.uk (Mike Kendall) Date: Thu, 3 Dec 2009 08:41:43 +0000 Subject: [Advisory] Sending pupil-level data outside of the school In-Reply-To: <2E4D3DEB934C44A4B753548D6E363B0C@DEVELOPMENT> References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> <000d01ca7324$f8346280$e89d2780$@org> <5946b8ad0912020018h316ea9bbke3490952136c4d69@mail.gmail.com> <4B162CF9.9050301@slcs.ac.uk> <2E4D3DEB934C44A4B753548D6E363B0C@DEVELOPMENT> Message-ID: <47F72C87390F16439038F821453FAA1E3B84E61457@EMBC-TBC-VEM-02.resource.EMBC.Local> All of this seems to be based on the ubiquity of the VLEs. I have also had conversations recently with smaller publishers who have commented how surprisingly easy it has been to enable Shibboleth once they had decided to do commit to doing it - this is in the context of embc. I do agree that WAYFLESS urls and sensible ones are necessary. Mike -----Original Message----- From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Crispin Weston Sent: 03 December 2009 08:23 To: 'Paul Browning'; advisory@talk.naace.org Subject: RE: [Advisory] Sending pupil-level data outside of the school > Is this not where the UKAMF comes in? > > http://www.ukfederation.org.uk/ Hi Paul, Yes and no! And apologies in advance for the essay. You have to face the fact that, five years after its initial roll-out for the schools sector, take-up of Shibboleth, particularly by commercial publishers, remains poor. Personally, I have always had my reservations about Shibboleth, believing that, at least as originally conceived, it implemented an inappropriate, HE model. It assumed that students would land on whatever resource they wanted and this resource would call back, via a "Where are you from" service, to fetch whatever personal data the service required from the identity provider. Back in I think 2004, my principle objections were (1) the clunky "Where are you from" service pretty much defeated the whole object of single sign-on, which was to make sign-on transparent. (2) at schools level, students will access resources *through* the VLE gateway. Given this model and given proper attention to VLE interoperability, the VLE can handle authorisation transparently without the unnecessary complexity of Shibboleth (diagram at http://www.saltis.org/shib.gif). (3) Shibboleth requires commercial content providers to implement special authorisation services. This may not be a great burden to larger publishers (though I understand that the technology has not always been easy to work with). But it is often prohibitive for small cottage industries which, if there is to be a healthy supply of innovative learning services, must not be excluded from the market. (4) the amount of personal data that gets thrown across the net just to support an authorisation process which does not actually need any personal data at all (a product key or school-level username/password might suffice). My understanding is that Shibboleth has moved in two significant directions since 2004: (1) to remove the WAYF by the use of "wayfless urls", the WAYF being found to be unnecessary where students, as predicted, tend to access content through the VLE (this addresses problems 1 & 2, though, if you had started with this assumption, you would not have adopted Shibboleth in the first place); and (2) to remove any personal data from the profile, ending up with an anonymous ID and an affiliation to a school (addressing point 4). As Frances I think suggests, Shibboleth is not really suited for use as a provisioning system, which would be better managed by a SIF-like system. My own view is that both these developments are moves in the right direction and open up opportunities for convergence between existing SAML/Shibboleth implementations and new content packaging technologies. Let me try and explain why I think the convergence is required. 1. Everything is moving, as stated above, in the direction of wayfless urls. Here is an example of a wayfless url: https://idp.protectnetwork.org/protectnetwork-idp/SSO?target=https%3A%2F%2Fg abriel.lse.ac.uk%2Fsimon%2Fcgi-bin%2Fprintenv.pl&shire=https%3A%2F%2Fgabriel .lse.ac.uk%2FShibboleth.sso%2FSAML%2FPOST&providerId=urn%3Amace%3Aac.uk%3Asd ss.ac.uk%3Aprovider%3Aservice%3Agabriel.lse.ac.uk This essentially combines the URL of the site being visited with all the information required to manage authentication via a particular identity provider. These wayfless URLs need therefore to be created separately for every institution and for every specific link which the institution wants to provide for its learners. The creation of wayfless URLs may be a trivial task for university computer departments, but for a small primary school, I suspect that it is a bit of a show-stopper. There is a need for content to be disaggregated, so that teachers can send their students straight to the particular piece of content that is required for a lesson or homework - this means that there need to a lot of very teacher-specific links to be created. What is needed is for content to distributed (in content packages) without any school-specific authentication and authorisation data, but with whatever data is required to enable the VLE to add automatically the learner-specific authentication and authorisation data required to access the remote site transparently. Transparent authorisation of disaggregated content is an essential prerequisite for the effective integration of content with VLEs - and Shibboleth, even after 5 years of development, does not yet provide a viable solution. 2. The publishing industry perceives that a key pedagogical requirement is to achieve data integration with the school VLE, e.g. for the storing of marks in a common markbook, the saving of state and the returning of student product for marking and sharing. This requires that third-party content calls back to an API provided by the school VLE. If content providers need, for pedagogical reasons, to implement this callback anyway, and all the student identity information is held by the school VLE anyway, why should the content providers implement two callbacks where one will do? I would ask two further questions (and they are genuine questions - there may well be good answers): 1. If it is now recognised that data being passed via Shibboleth should be restricted to anonymous data, why is the bureaucratic overhead of a trust federation required at all? There is a pressing need to encourage innovation in the market and any unnecessary barrier to entering the market should be removed. Why should I have to establish that I trust someone before I send them anonymous data? 2. If the industry can implement this functionality without all the bodging involved with the creation of wayfless urls, and all the student identity information is held in any case in school MIS/VLEs, then why do we need duplicate systems to be run at local authority level? What I expect is a convergence of SAML/Shibboleth technology and SCORM-type technologies being used for content-VLE integration. I am hoping that SALTIS will be able to set up a working group in the early summer to look at this, on the back of the outcomes of the BECTA/ISB content packaging project, and we would welcome the participation of the UKAMF and anyone else working in this space. Details of the content packaging project are at http://www.saltis.org/papers.htm. Crispin. _______________________________________________ Advisory mailing list Advisory@talk.naace.org http://talk.naace.org/mm/listinfo/advisory To unsubscribe send a message to Advisory-admin@talk.naace.org with the body text: unsubscribe Advisory YourEmailAddress or: send a message to Advisory-request@talk.naace.org with the body text: unsubscribe YourPassword YourEmailAddress From leonie.ramondt@anglia.ac.uk Thu Dec 3 10:48:21 2009 From: leonie.ramondt@anglia.ac.uk (Leonie Ramondt) Date: Thu, 03 Dec 2009 10:48:21 +0000 Subject: [Advisory] Platforms for creating live online webseminars In-Reply-To: <432679.94685.qm@web86408.mail.ird.yahoo.com> Message-ID: thanks for your list, I notice you're missing cheap n cheerful Glance.net and industry standard Webex warm wishes, Leonie -- Leonie Ramondt 01245 684358/ 0845 1964358 07970 571375 http://myprofile.cos.com/ramondt leonie.ramondt@anglia.ac.uk Inspire www.inspire.anglia.ac.uk Anglia Ruskin University Bishop Hall Lane Chelmsford Essex CM1 1SQ Interested in accessibility practice? For information on making documents accessible, visit http://www.inspire.anglia.ac.uk/rlo/ and for on how to make your curriculum accessible visit http://anglia.ac.uk/teachinclusive On 2/12/09 13:43, "Nik Peachey" wrote: > Hi All > > I'm investigating platforms for live webseminars and wondered if anyone had > any recommendations beyond these ones.The platform would need to be able to > cope with a scale of upto 100 attendees. > > Adobe connect > DimDim > Eluminate > WiZiQ > Instant presenter > GoToWebinar > > Also if anyone has links to archived webseminar presentations that would be > handy too. > > Thanks > > > Nik Peachey | Learning Technology Consultant, Writer, Trainer > Teacher Development: http://nikpeachey.blogspot.com/ > News and Tips: http://quickshout.blogspot.com/ > Student Activities: http://daily-english-activities.blogspot.com/ > On Social media: http://bloggingandsocialmedia.blogspot.com/ > On Twitter: http://twitter.com/NikPeachey > > _______________________________________________ > Advisory mailing list Advisory@talk.naace.org > http://talk.naace.org/mm/listinfo/advisory > To unsubscribe send a message to Advisory-admin@talk.naace.org with the body > text: > > unsubscribe Advisory YourEmailAddress > > or: send a message to Advisory-request@talk.naace.org > with the body text: > > unsubscribe YourPassword YourEmailAddress -- EMERGING EXCELLENCE: In the Research Assessment Exercise (RAE) 2008, more than 30% of our submissions were rated as 'Internationally Excellent' or 'World-leading'. Among the academic disciplines now rated 'World-leading' are Allied Health Professions & Studies; Art & Design; English Language & Literature; Geography & Environmental Studies; History; Music; Psychology; and Social Work & Social Policy & Administration. Visit www.anglia.ac.uk/rae for more information. This e-mail and any attachments are intended for the above named recipient(s)only and may be privileged. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone please reply to this e-mail to highlight the error and then immediately delete the e-mail from your system. Any opinions expressed are solely those of the author and do not necessarily represent the views or opinions of Anglia Ruskin University. Although measures have been taken to ensure that this e-mail and attachments are free from any virus we advise that, in keeping with good computing practice, the recipient should ensure they are actually virus free. Please note that this message has been sent over public networks which may not be a 100% secure communications Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems From p.browning@slcs.ac.uk Thu Dec 3 11:26:16 2009 From: p.browning@slcs.ac.uk (Paul Browning) Date: Thu, 03 Dec 2009 11:26:16 +0000 Subject: [Advisory] Platforms for creating live online webseminars In-Reply-To: <432679.94685.qm@web86408.mail.ird.yahoo.com> References: <432679.94685.qm@web86408.mail.ird.yahoo.com> Message-ID: <4B17A058.6020907@slcs.ac.uk> Nik Peachey wrote: > Hi All > > I'm investigating platforms for live webseminars and wondered if > anyone had any recommendations beyond these ones.The platform would > need to be able to cope with a scale of upto 100 attendees. > > Adobe connect DimDim Eluminate WiZiQ Instant presenter GoToWebinar > > Also if anyone has links to archived webseminar presentations that > would be handy too. > We've been using Breeze/Connect for a number of years and find it very useful (especially for screen sharing and/or remote control of remote desktops) and firewall tolerant (in the way standard video conferencing is not). As we've never exceeded a dozen or so end-points I will have to leave others to comment its ability to scale. One moan we do have is that, whilst you can record meetings, you cannot export them and can only view them within Breeze/Connect. If you want an "open archive" of webseminars then this may be a show stopper. Paul From debara71@hotmail.com Thu Dec 3 13:15:15 2009 From: debara71@hotmail.com (david bara) Date: Thu, 3 Dec 2009 13:15:15 +0000 Subject: [Advisory] RE: Rose review article in the TES In-Reply-To: <4B17A058.6020907@slcs.ac.uk> References: <432679.94685.qm@web86408.mail.ird.yahoo.com>,<4B17A058.6020907@slcs.ac.uk> Message-ID: --_aa84e264-42a8-43f3-90d0-8d2b0aa90a5e_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi=2C does any remember back in September an article was going to be writt= en in the TES about the Rose Review. =20 any ideas if the article was published and if so where was it published. =20 ta in advance=20 David =20 _________________________________________________________________ Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy http://clk.atdmt.com/UKM/go/186394592/direct/01/= --_aa84e264-42a8-43f3-90d0-8d2b0aa90a5e_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
=3BHi=2C does any remember back in September an article was going = to be written in the TES about the Rose Review.
=3B
any ideas if the article was published and if so where was it published. =3B
ta in advance
David

Have more than one Hotmail account? Lin= k them together to easily access both. = --_aa84e264-42a8-43f3-90d0-8d2b0aa90a5e_-- From Frances.Burton@ja.net Thu Dec 3 16:59:17 2009 From: Frances.Burton@ja.net (Frances Burton) Date: Thu, 3 Dec 2009 16:59:17 -0000 Subject: [Advisory] Sending pupil-level data outside of the school In-Reply-To: <2E4D3DEB934C44A4B753548D6E363B0C@DEVELOPMENT> References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> <000d01ca7324$f8346280$e89d2780$@org> <5946b8ad0912020018h316ea9bbke3490952136c4d69@mail.gmail.com> <4B162CF9.9050301@slcs.ac.uk> <2E4D3DEB934C44A4B753548D6E363B0C@DEVELOPMENT> Message-ID: <6ED388AA006C454BA35B0098396B9BFB06536B3B@uxsrvr20.atlas.ukerna.ac.uk> Hi Crispin You are right that the WAYF is clunky but is designed as a backstop solution to the discovery issue in FAM. It is, at present, undergoing a review of its design by a working group from across all the education sectors but this aside, the best way to achieve discovery in federated access management is to avoid it altogether. WAYFless URLS do look complicated and they are also subject to a review at present by a working group looking at their format and standardisation. However, authentication for services will always have a requirement to work with individual service providers, whether through FAM or not. The UK federation provides the trust fabric that underpins the technology. Those that sign up to the rules of membership basically agree to tell the truth so Service Providers can have confidence that the impersonal data they are getting is related to an authentic individual. There are local solutions to authentication but the strength of regional deployments are in the opportunity for wider benefits. They have the potential to relieve the school of the burden of credential administration and the burden for, particularly smaller service providers, generating and administering login details. SPs are happy to be able to sell their services on a regional level and not have to administer logins for figures like 750,000 users per region. The 14-19 agenda has students working in both school and college and a regional deployment at LA/RBC level gives the flexibility for those users to authenticate with one set of credentials rather than having separate accounts created in College and School. It also allows access to resources for pupils who are not always in a school setting, even if they are associated with one region but physically working from another. It is my understanding that Local Authorities have a responsibility for identity management and have operational requirements for accessing the data held in school MIS, therefore, school controlled MIS data is already being re-used at LA level. Given that this information has a place at LA/RBC level then there is an opportunity to provide authentication to access not just online services, but for parents to access children's assessment data, staff to access email services, and simplified sign-on, based on roles, being finely granulated to authenticate a user to access services in one school as a teacher, another as a parent or governor and, perhaps, the LA as a student. Identity management in this context cannot be achieved inside a VLE but can be applied equally to a VLE. Therefore the benefits of a UK wide Access management system are not just in school, and not just within the needs of educational content in VLE's, there are other regional systems and services that can benefit from a robust and privacy preserving authentication system. Details of case studies for regional deployments in the schools sector can be found at http://www.ukfederation.org.uk/content/Documents/CaseStudies. Kind regards Frances -----Original Message----- From: advisory-admin@talk.naace.org [mailto:advisory-admin@talk.naace.org] On Behalf Of Crispin Weston Sent: 03 December 2009 08:23 To: 'Paul Browning'; advisory@talk.naace.org Subject: RE: [Advisory] Sending pupil-level data outside of the school > Is this not where the UKAMF comes in? > > http://www.ukfederation.org.uk/ Hi Paul, Yes and no! And apologies in advance for the essay. You have to face the fact that, five years after its initial roll-out for the schools sector, take-up of Shibboleth, particularly by commercial publishers, remains poor. Personally, I have always had my reservations about Shibboleth, believing that, at least as originally conceived, it implemented an inappropriate, HE model. It assumed that students would land on whatever resource they wanted and this resource would call back, via a "Where are you from" service, to fetch whatever personal data the service required from the identity provider. Back in I think 2004, my principle objections were (1) the clunky "Where are you from" service pretty much defeated the whole object of single sign-on, which was to make sign-on transparent. (2) at schools level, students will access resources *through* the VLE gateway. Given this model and given proper attention to VLE interoperability, the VLE can handle authorisation transparently without the unnecessary complexity of Shibboleth (diagram at http://www.saltis.org/shib.gif). (3) Shibboleth requires commercial content providers to implement special authorisation services. This may not be a great burden to larger publishers (though I understand that the technology has not always been easy to work with). But it is often prohibitive for small cottage industries which, if there is to be a healthy supply of innovative learning services, must not be excluded from the market. (4) the amount of personal data that gets thrown across the net just to support an authorisation process which does not actually need any personal data at all (a product key or school-level username/password might suffice). My understanding is that Shibboleth has moved in two significant directions since 2004: (1) to remove the WAYF by the use of "wayfless urls", the WAYF being found to be unnecessary where students, as predicted, tend to access content through the VLE (this addresses problems 1 & 2, though, if you had started with this assumption, you would not have adopted Shibboleth in the first place); and (2) to remove any personal data from the profile, ending up with an anonymous ID and an affiliation to a school (addressing point 4). As Frances I think suggests, Shibboleth is not really suited for use as a provisioning system, which would be better managed by a SIF-like system. My own view is that both these developments are moves in the right direction and open up opportunities for convergence between existing SAML/Shibboleth implementations and new content packaging technologies. Let me try and explain why I think the convergence is required. 1. Everything is moving, as stated above, in the direction of wayfless urls. Here is an example of a wayfless url: https://idp.protectnetwork.org/protectnetwork-idp/SSO?target=https%3A%2F %2Fg abriel.lse.ac.uk%2Fsimon%2Fcgi-bin%2Fprintenv.pl&shire=https%3A%2F%2Fgab riel .lse.ac.uk%2FShibboleth.sso%2FSAML%2FPOST&providerId=urn%3Amace%3Aac.uk% 3Asd ss.ac.uk%3Aprovider%3Aservice%3Agabriel.lse.ac.uk This essentially combines the URL of the site being visited with all the information required to manage authentication via a particular identity provider. These wayfless URLs need therefore to be created separately for every institution and for every specific link which the institution wants to provide for its learners. The creation of wayfless URLs may be a trivial task for university computer departments, but for a small primary school, I suspect that it is a bit of a show-stopper. There is a need for content to be disaggregated, so that teachers can send their students straight to the particular piece of content that is required for a lesson or homework - this means that there need to a lot of very teacher-specific links to be created. What is needed is for content to distributed (in content packages) without any school-specific authentication and authorisation data, but with whatever data is required to enable the VLE to add automatically the learner-specific authentication and authorisation data required to access the remote site transparently. Transparent authorisation of disaggregated content is an essential prerequisite for the effective integration of content with VLEs - and Shibboleth, even after 5 years of development, does not yet provide a viable solution. 2. The publishing industry perceives that a key pedagogical requirement is to achieve data integration with the school VLE, e.g. for the storing of marks in a common markbook, the saving of state and the returning of student product for marking and sharing. This requires that third-party content calls back to an API provided by the school VLE. If content providers need, for pedagogical reasons, to implement this callback anyway, and all the student identity information is held by the school VLE anyway, why should the content providers implement two callbacks where one will do? I would ask two further questions (and they are genuine questions - there may well be good answers): 1. If it is now recognised that data being passed via Shibboleth should be restricted to anonymous data, why is the bureaucratic overhead of a trust federation required at all? There is a pressing need to encourage innovation in the market and any unnecessary barrier to entering the market should be removed. Why should I have to establish that I trust someone before I send them anonymous data? 2. If the industry can implement this functionality without all the bodging involved with the creation of wayfless urls, and all the student identity information is held in any case in school MIS/VLEs, then why do we need duplicate systems to be run at local authority level? What I expect is a convergence of SAML/Shibboleth technology and SCORM-type technologies being used for content-VLE integration. I am hoping that SALTIS will be able to set up a working group in the early summer to look at this, on the back of the outcomes of the BECTA/ISB content packaging project, and we would welcome the participation of the UKAMF and anyone else working in this space. Details of the content packaging project are at http://www.saltis.org/papers.htm. Crispin. _______________________________________________ Advisory mailing list Advisory@talk.naace.org http://talk.naace.org/mm/listinfo/advisory To unsubscribe send a message to Advisory-admin@talk.naace.org with the body text: unsubscribe Advisory YourEmailAddress or: send a message to Advisory-request@talk.naace.org with the body text: unsubscribe YourPassword YourEmailAddress JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG From crispin.weston@alphalearning.co.uk Fri Dec 4 08:24:16 2009 From: crispin.weston@alphalearning.co.uk (Crispin Weston) Date: Fri, 4 Dec 2009 08:24:16 -0000 Subject: [Advisory] Sending pupil-level data outside of the school In-Reply-To: <6ED388AA006C454BA35B0098396B9BFB06536B3B@uxsrvr20.atlas.ukerna.ac.uk> References: <58E46E5320A6C3469D830E8899FFE64993C0920CB8@LBBMBX01.corp.int.bromley.gov.uk> <14D4CB3A2DF6A14FA8ADA12BCD5DBA8D094B59B0@mail2.dudley.gov.uk> <000d01ca7324$f8346280$e89d2780$@org> <5946b8ad0912020018h316ea9bbke3490952136c4d69@mail.gmail.com> <4B162CF9.9050301@slcs.ac.uk> <2E4D3DEB934C44A4B753548D6E363B0C@DEVELOPMENT> <6ED388AA006C454BA35B0098396B9BFB06536B3B@uxsrvr20.atlas.ukerna.ac.uk> Message-ID: Hi Frances, Thanks for this background on current work regarding WAYFless urls. As argued in my previous post, it seems to me that this work will inevitably lead to solutions involving content packaging. Regarding trust, any system which requires people to tell the truth is inherently insecure, as well as involving the overhead of having to establish trusted status. Most medium secure systems rely on secrets, not truth-telling. Take for example, the simple system using basic web authentication illustrated at http://www.saltis.org/transparent_bwa.gif. In my view, this has two significant advantages over Shibboleth: it requires no-one to be trusted; and it does not require the publisher to do anything other for authentication than what the publisher is already doing (handing out username/password combinations). The only extra step required is for the encoding of authorisation methods within a content package. A third benefit is that this system uses cheap, automatic systems which can be provided commercially either to schools or in the local authority. It does not matter whether the technician sits and all he/she has to do is to enter a username/password at install time, just like any home user would. I am sure that you are aware that there are many schools that are unhappy with a model which forces them into adopting a Local Authority model of what software they should be buying. All the services you mention, such as email, role-based access, real-time reporting to parents, can all be provided by commercial systems sold to schools. I do not understand the argument for forcing a one-size-fits-all provision on schools at LA level. Economies of scale can be achieved more efficiently by successful commercial companies, operating in a competitive market, than by regional consortia. Basic Web Authentication is not necessarily suitable for everyone, so there might be a range of authentication and authorisation systems, including a SAML/Shibboleth-based system, which could be encoded in the content package. @ Mike - this does not depend on the ubiquity of VLEs any more than it depends on the ubiquity of Shibboleth identify providers - in fact, much less so. SSO is a very useful thing but it is not a critical function, not something that does not work at all unless everyone is doing it, and it might even be wasted on a school which is not using remote content services in the classroom yet. Why not let schools buy a cheap SSO solution when it is perceived to be needed in that school? And my proposed first-step solution, using basic web authentication, requires publishers to do nothing extra for authentication than what they are doing already, so there is no sense that they need to be reassured that the basic infrastructure is already in place. And whether or not Shibboleth is easy for publishers to implement (I have heard both favourable and unfavourable reports of this), the fact remains that it needs to be implemented and, after 5 years, it is not much implemented except where companies are specifically paid to implement it. My solution requires no extra implementation at all, other than a robust content packaging spec, on which work is now being done and which the publishing industry is very keen to implement. Crispin. > -----Original Message----- > From: advisory-admin@talk.naace.org [mailto:advisory- > admin@talk.naace.org] On Behalf Of Frances Burton > Sent: 03 December 2009 16:59 > To: advisory@talk.naace.org > Subject: RE: [Advisory] Sending pupil-level data outside of the > school > > Hi Crispin > > You are right that the WAYF is clunky but is designed as a backstop > solution to the discovery issue in FAM. It is, at present, > undergoing a > review of its design by a working group from across all the > education > sectors but this aside, the best way to achieve discovery in > federated > access management is to avoid it altogether. > > WAYFless URLS do look complicated and they are also subject to a > review > at present by a working group looking at their format and > standardisation. However, authentication for services will always > have a > requirement to work with individual service providers, whether > through > FAM or not. > > The UK federation provides the trust fabric that underpins the > technology. Those that sign up to the rules of membership basically > agree to tell the truth so Service Providers can have confidence > that > the impersonal data they are getting is related to an authentic > individual. > > There are local solutions to authentication but the strength of > regional > deployments are in the opportunity for wider benefits. They have the > potential to relieve the school of the burden of credential > administration and the burden for, particularly smaller service > providers, generating and administering login details. SPs are happy > to > be able to sell their services on a regional level and not have to > administer logins for figures like 750,000 users per region. > > The 14-19 agenda has students working in both school and college and > a > regional deployment at LA/RBC level gives the flexibility for those > users to authenticate with one set of credentials rather than having > separate accounts created in College and School. It also allows > access > to resources for pupils who are not always in a school setting, even > if > they are associated with one region but physically working from > another. > > It is my understanding that Local Authorities have a responsibility > for > identity management and have operational requirements for accessing > the > data held in school MIS, therefore, school controlled MIS data is > already being re-used at LA level. > > Given that this information has a place at LA/RBC level then there > is an > opportunity to provide authentication to access not just online > services, but for parents to access children's assessment data, > staff to > access email services, and simplified sign-on, based on roles, being > finely granulated to authenticate a user to access services in one > school as a teacher, another as a parent or governor and, perhaps, > the > LA as a student. Identity management in this context cannot be > achieved > inside a VLE but can be applied equally to a VLE. Therefore the > benefits > of a UK wide Access management system are not just in school, and > not > just within the needs of educational content in VLE's, there are > other > regional systems and services that can benefit from a robust and > privacy > preserving authentication system. > > Details of case studies for regional deployments in the schools > sector > can be found at > http://www.ukfederation.org.uk/content/Documents/CaseStudies. > > Kind regards > > Frances > > > > -----Original Message----- > From: advisory-admin@talk.naace.org > [mailto:advisory-admin@talk.naace.org] On Behalf Of Crispin Weston > Sent: 03 December 2009 08:23 > To: 'Paul Browning'; advisory@talk.naace.org > Subject: RE: [Advisory] Sending pupil-level data outside of the > school > > > Is this not where the UKAMF comes in? > > > > http://www.ukfederation.org.uk/ > Hi Paul, > Yes and no! And apologies in advance for the essay. > You have to face the fact that, five years after its initial roll- > out > for > the schools sector, take-up of Shibboleth, particularly by > commercial > publishers, remains poor. > Personally, I have always had my reservations about Shibboleth, > believing > that, at least as originally conceived, it implemented an > inappropriate, > HE > model. It assumed that students would land on whatever resource they > wanted > and this resource would call back, via a "Where are you from" > service, > to > fetch whatever personal data the service required from the identity > provider. > Back in I think 2004, my principle objections were > (1) the clunky "Where are you from" service pretty much defeated the > whole > object of single sign-on, which was to make sign-on transparent. > (2) at schools level, students will access resources *through* the > VLE > gateway. Given this model and given proper attention to VLE > interoperability, the VLE can handle authorisation transparently > without > the > unnecessary complexity of Shibboleth (diagram at > http://www.saltis.org/shib.gif). > (3) Shibboleth requires commercial content providers to implement > special > authorisation services. This may not be a great burden to larger > publishers > (though I understand that the technology has not always been easy to > work > with). But it is often prohibitive for small cottage industries > which, > if > there is to be a healthy supply of innovative learning services, > must > not be > excluded from the market. > (4) the amount of personal data that gets thrown across the net just > to > support an authorisation process which does not actually need any > personal > data at all (a product key or school-level username/password might > suffice). > > My understanding is that Shibboleth has moved in two significant > directions > since 2004: > (1) to remove the WAYF by the use of "wayfless urls", the WAYF being > found > to be unnecessary where students, as predicted, tend to access > content > through the VLE (this addresses problems 1 & 2, though, if you had > started > with this assumption, you would not have adopted Shibboleth in the > first > place); and > (2) to remove any personal data from the profile, ending up with an > anonymous ID and an affiliation to a school (addressing point 4). As > Frances > I think suggests, Shibboleth is not really suited for use as a > provisioning > system, which would be better managed by a SIF-like system. > My own view is that both these developments are moves in the right > direction > and open up opportunities for convergence between existing > SAML/Shibboleth > implementations and new content packaging technologies. > Let me try and explain why I think the convergence is required. > 1. Everything is moving, as stated above, in the direction of > wayfless > urls. > Here is an example of a wayfless url: > https://idp.protectnetwork.org/protectnetwork- > idp/SSO?target=https%3A%2F > %2Fg > abriel.lse.ac.uk%2Fsimon%2Fcgi- > bin%2Fprintenv.pl&shire=https%3A%2F%2Fgab > riel > .lse.ac.uk%2FShibboleth.sso%2FSAML%2FPOST&providerId=urn%3Amace%3Aac > .uk% > 3Asd > ss.ac.uk%3Aprovider%3Aservice%3Agabriel.lse.ac.uk > This essentially combines the URL of the site being visited with all > the > information required to manage authentication via a particular > identity > provider. These wayfless URLs need therefore to be created > separately > for > every institution and for every specific link which the institution > wants to > provide for its learners. The creation of wayfless URLs may be a > trivial > task for university computer departments, but for a small primary > school, I > suspect that it is a bit of a show-stopper. > There is a need for content to be disaggregated, so that teachers > can > send > their students straight to the particular piece of content that is > required > for a lesson or homework - this means that there need to a lot of > very > teacher-specific links to be created. > What is needed is for content to distributed (in content packages) > without > any school-specific authentication and authorisation data, but with > whatever > data is required to enable the VLE to add automatically the > learner-specific > authentication and authorisation data required to access the remote > site > transparently. > Transparent authorisation of disaggregated content is an essential > prerequisite for the effective integration of content with VLEs - > and > Shibboleth, even after 5 years of development, does not yet provide > a > viable > solution. > 2. The publishing industry perceives that a key pedagogical > requirement > is > to achieve data integration with the school VLE, e.g. for the > storing of > marks in a common markbook, the saving of state and the returning of > student > product for marking and sharing. This requires that third-party > content > calls back to an API provided by the school VLE. If content > providers > need, > for pedagogical reasons, to implement this callback anyway, and all > the > student identity information is held by the school VLE anyway, why > should > the content providers implement two callbacks where one will do? > I would ask two further questions (and they are genuine questions - > there > may well be good answers): > 1. If it is now recognised that data being passed via Shibboleth > should > be > restricted to anonymous data, why is the bureaucratic overhead of a > trust > federation required at all? There is a pressing need to encourage > innovation > in the market and any unnecessary barrier to entering the market > should > be > removed. Why should I have to establish that I trust someone before > I > send > them anonymous data? > 2. If the industry can implement this functionality without all the > bodging > involved with the creation of wayfless urls, and all the student > identity > information is held in any case in school MIS/VLEs, then why do we > need > duplicate systems to be run at local authority level? > What I expect is a convergence of SAML/Shibboleth technology and > SCORM-type > technologies being used for content-VLE integration. I am hoping > that > SALTIS > will be able to set up a working group in the early summer to look > at > this, > on the back of the outcomes of the BECTA/ISB content packaging > project, > and > we would welcome the participation of the UKAMF and anyone else > working > in > this space. > Details of the content packaging project are at > http://www.saltis.org/papers.htm. > Crispin. > > > _______________________________________________ > Advisory mailing list Advisory@talk.naace.org > http://talk.naace.org/mm/listinfo/advisory > To unsubscribe send a message to Advisory-admin@talk.naace.org with > the > body text: > > unsubscribe Advisory YourEmailAddress > > or: send a message to Advisory-request@talk.naace.org > with the body text: > > unsubscribe YourPassword YourEmailAddress > > JANET(UK) is a trading name of The JNT Association, a company > limited > by guarantee which is registered in England under No. 2881024 > and whose Registered Office is at Lumen House, Library Avenue, > Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG > > > _______________________________________________ > Advisory mailing list Advisory@talk.naace.org > http://talk.naace.org/mm/listinfo/advisory > To unsubscribe send a message to Advisory-admin@talk.naace.org with > the body text: > > unsubscribe Advisory YourEmailAddress > > or: send a message to Advisory-request@talk.naace.org > with the body text: > > unsubscribe YourPassword YourEmailAddress From Terry Freedman" This is a multi-part message in MIME format. ------=_NextPart_000_0298_01CA74F9.40CD3730 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Colleagues Just a quick note to say that the latest issue of Computers in = Classrooms looks at, amongst other things, the recent general Ofsted = report and the Children, Schools and Familes Bill from an ICT leader's = perspective. More info here: = http://www.ictineducation.org/home-page/2009/12/4/computers-in-classrooms= -december-edition-just-published.html Best wishes Terry ----------------------=20 Terry Freedman, Independent Educational Technology Consultant=20 Website: http://www.ictineducation.org -------------------------------------------------------------------------= ------- The contents of this email and any attachments may contain software = viruses that could damage your own computer systems.=20 Whilst Terry Freedman Ltd has taken every precaution to minimise this = risk, we cannot accept liability for any damage that you may sustain as = a result of software viruses. This email is confidential and intended = for the recipient only. If you have received this email in error, please = inform us immediately and then delete it. Unless it specifically states = otherwise, this email does not form part of a contract. ------=_NextPart_000_0298_01CA74F9.40CD3730 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Colleagues

Just a quick note to say that the = latest issue of=20 Computers in Classrooms looks at, amongst other things, the recent = general=20 Ofsted report and the Children, Schools and Familes Bill from an ICT = leader's=20 perspective.

More info here: http://www.ictineducation.= org/home-page/2009/12/4/computers-in-classrooms-december-edition-just-pub= lished.html

Best wishes

Terry

----------------------

Terry Freedman, Independent Educational Technology Consultant

Website: http://www.ictineducation.org

The contents of this email and any attachments may contain software = viruses=20 that could damage your own computer systems.

Whilst Terry Freedman Ltd has taken every precaution to minimise this = risk,=20 we cannot accept liability for any damage that you may sustain as a = result of=20 software viruses. This email is confidential and intended for the = recipient=20 only. If you have received this email in error, please inform us = immediately and=20 then delete it. Unless it specifically states otherwise, this email does = not=20 form part of a contract.
------=_NextPart_000_0298_01CA74F9.40CD3730-- From lindammartin@btinternet.com Fri Dec 4 18:07:19 2009 From: lindammartin@btinternet.com (LINDA MARTIN) Date: Fri, 4 Dec 2009 18:07:19 +0000 (GMT) Subject: [Advisory] removal from list Message-ID: <192268.60190.qm@web86306.mail.ird.yahoo.com> --0-1810724823-1259950039=:60190 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Please remove me from this forum.=0AThank You=0ALinda Martin --0-1810724823-1259950039=:60190 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Please remove me from this forum.
=0A
Thank Y= ou
=0A
Linda Martin
--0-1810724823-1259950039=:60190--