[Advisory] Sending pupil-level data outside of the school

Frances Burton Frances.Burton@ja.net
Thu, 3 Dec 2009 16:59:17 -0000


Hi Crispin

You are right that the WAYF is clunky, but it is designed as a backstop
solution to the discovery issue in FAM. It is, at present, undergoing a
review of its design by a working group from across all the education
sectors but, this aside, the best way to achieve discovery in federated
access management is to avoid it altogether.

WAYFless URLs do look complicated and they are also subject to a review
at present by a working group looking at their format and
standardisation. However, authentication for services will always have a
requirement to work with individual service providers, whether through
FAM or not.

The UK federation provides the trust fabric that underpins the
technology. Those that sign up to the rules of membership basically
agree to tell the truth so Service Providers can have confidence that
the impersonal data they are getting is related to an authentic
individual.

There are local solutions to authentication but the strength of regional
deployments is in the opportunity for wider benefits. They have the
potential to relieve the school of the burden of credential
administration and to relieve service providers, particularly smaller
ones, of the burden of generating and administering login details. SPs
are happy to be able to sell their services on a regional level and not
have to administer logins for figures like 750,000 users per region.

The 14-19 agenda has students working in both school and college and a
regional deployment at LA/RBC level gives the flexibility for those
users to authenticate with one set of credentials rather than having
separate accounts created in College and School. It also allows access
to resources for pupils who are not always in a school setting, even if
they are associated with one region but physically working from another.

It is my understanding that Local Authorities have a responsibility for
identity management and have operational requirements for accessing the
data held in school MIS, therefore, school controlled MIS data is
already being re-used at LA level.

Given that this information has a place at LA/RBC level then there is an
opportunity to provide authentication to access not just online
services, but for parents to access children's assessment data, staff to
access email services, and simplified sign-on, based on roles, being
finely granulated to authenticate a user to access services in one
school as a teacher, another as a parent or governor and, perhaps, the
LA as a student. Identity management in this context cannot be achieved
inside a VLE but can be applied equally to a VLE. Therefore the benefits
of a UK-wide access management system are not just in school, and not
just within the needs of educational content in VLEs; there are other
regional systems and services that can benefit from a robust and
privacy-preserving authentication system.

Details of case studies for regional deployments in the schools sector
can be found at
http://www.ukfederation.org.uk/content/Documents/CaseStudies.

Kind regards

Frances



-----Original Message-----
From: advisory-admin@talk.naace.org
[mailto:advisory-admin@talk.naace.org] On Behalf Of Crispin Weston
Sent: 03 December 2009 08:23
To: 'Paul Browning'; advisory@talk.naace.org
Subject: RE: [Advisory] Sending pupil-level data outside of the school

> Is this not where the UKAMF comes in?
>
> http://www.ukfederation.org.uk/

Hi Paul,

Yes and no! And apologies in advance for the essay.

You have to face the fact that, five years after its initial roll-out
for the schools sector, take-up of Shibboleth, particularly by
commercial publishers, remains poor.

Personally, I have always had my reservations about Shibboleth,
believing that, at least as originally conceived, it implemented an
inappropriate, HE model. It assumed that students would land on whatever
resource they wanted and this resource would call back, via a "Where are
you from" service, to fetch whatever personal data the service required
from the identity provider.

Back in, I think, 2004, my principal objections were:

(1) the clunky "Where are you from" service pretty much defeated the
whole object of single sign-on, which was to make sign-on transparent.

(2) at schools level, students will access resources *through* the VLE
gateway. Given this model and given proper attention to VLE
interoperability, the VLE can handle authorisation transparently without
the unnecessary complexity of Shibboleth (diagram at
http://www.saltis.org/shib.gif).

(3) Shibboleth requires commercial content providers to implement
special authorisation services. This may not be a great burden to larger
publishers (though I understand that the technology has not always been
easy to work with). But it is often prohibitive for small cottage
industries which, if there is to be a healthy supply of innovative
learning services, must not be excluded from the market.

(4) the amount of personal data that gets thrown across the net just to
support an authorisation process which does not actually need any
personal data at all (a product key or school-level username/password
might suffice).

My understanding is that Shibboleth has moved in two significant
directions since 2004:

(1) to remove the WAYF by the use of "wayfless urls", the WAYF being
found to be unnecessary where students, as predicted, tend to access
content through the VLE (this addresses problems 1 & 2, though, if you
had started with this assumption, you would not have adopted Shibboleth
in the first place); and

(2) to remove any personal data from the profile, ending up with an
anonymous ID and an affiliation to a school (addressing point 4). As
Frances I think suggests, Shibboleth is not really suited for use as a
provisioning system, which would be better managed by a SIF-like system.

My own view is that both these developments are moves in the right
direction and open up opportunities for convergence between existing
SAML/Shibboleth implementations and new content packaging technologies.

Let me try and explain why I think the convergence is required.

1. Everything is moving, as stated above, in the direction of wayfless
urls. Here is an example of a wayfless url:

https://idp.protectnetwork.org/protectnetwork-idp/SSO?target=https%3A%2F%2Fgabriel.lse.ac.uk%2Fsimon%2Fcgi-bin%2Fprintenv.pl&shire=https%3A%2F%2Fgabriel.lse.ac.uk%2FShibboleth.sso%2FSAML%2FPOST&providerId=urn%3Amace%3Aac.uk%3Asdss.ac.uk%3Aprovider%3Aservice%3Agabriel.lse.ac.uk

This essentially combines the URL of the site being visited with all the
information required to manage authentication via a particular identity
provider. These wayfless URLs need therefore to be created separately
for every institution and for every specific link which the institution
wants to provide for its learners. The creation of wayfless URLs may be
a trivial task for university computer departments, but for a small
primary school, I suspect that it is a bit of a show-stopper.

There is a need for content to be disaggregated, so that teachers can
send their students straight to the particular piece of content that is
required for a lesson or homework - this means that there need to be a
lot of very teacher-specific links created.

What is needed is for content to be distributed (in content packages)
without any school-specific authentication and authorisation data, but
with whatever data is required to enable the VLE to add automatically
the learner-specific authentication and authorisation data required to
access the remote site transparently.

Transparent authorisation of disaggregated content is an essential
prerequisite for the effective integration of content with VLEs - and
Shibboleth, even after 5 years of development, does not yet provide a
viable solution.

2. The publishing industry perceives that a key pedagogical requirement
is to achieve data integration with the school VLE, e.g. for the storing
of marks in a common markbook, the saving of state and the returning of
student product for marking and sharing. This requires that third-party
content calls back to an API provided by the school VLE. If content
providers need, for pedagogical reasons, to implement this callback
anyway, and all the student identity information is held by the school
VLE anyway, why should the content providers implement two callbacks
where one will do?

I would ask two further questions (and they are genuine questions -
there may well be good answers):

1. If it is now recognised that data being passed via Shibboleth should
be restricted to anonymous data, why is the bureaucratic overhead of a
trust federation required at all? There is a pressing need to encourage
innovation in the market and any unnecessary barrier to entering the
market should be removed. Why should I have to establish that I trust
someone before I send them anonymous data?

2. If the industry can implement this functionality without all the
bodging involved with the creation of wayfless urls, and all the student
identity information is held in any case in school MIS/VLEs, then why do
we need duplicate systems to be run at local authority level?

What I expect is a convergence of SAML/Shibboleth technology and
SCORM-type technologies being used for content-VLE integration. I am
hoping that SALTIS will be able to set up a working group in the early
summer to look at this, on the back of the outcomes of the BECTA/ISB
content packaging project, and we would welcome the participation of the
UKAMF and anyone else working in this space.

Details of the content packaging project are at
http://www.saltis.org/papers.htm.

Crispin.
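
Added example, not part of either e-mail above: a Python sketch that takes
apart the wayfless URL quoted in the thread, checks it before it is handed
to learners, and rebuilds one URL per institution and content link. The
function names, the same-host check and the idea of a pre-publication
check are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# The wayfless URL quoted in the message above, rejoined onto one line.
EXAMPLE = (
    "https://idp.protectnetwork.org/protectnetwork-idp/SSO"
    "?target=https%3A%2F%2Fgabriel.lse.ac.uk%2Fsimon%2Fcgi-bin%2Fprintenv.pl"
    "&shire=https%3A%2F%2Fgabriel.lse.ac.uk%2FShibboleth.sso%2FSAML%2FPOST"
    "&providerId=urn%3Amace%3Aac.uk%3Asdss.ac.uk%3Aprovider%3Aservice"
    "%3Agabriel.lse.ac.uk"
)
PARAMS = ("target", "shire", "providerId")


def parse_wayfless(url):
    """Split a wayfless URL into the IdP endpoint and its decoded parameters."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, strict_parsing=True)
    missing = [p for p in PARAMS if p not in query]
    if missing:
        raise ValueError(f"missing parameters: {missing}")
    fields = {p: query[p][0] for p in PARAMS}
    fields["idp_sso"] = f"{parts.scheme}://{parts.netloc}{parts.path}"
    return fields


def check_wayfless(fields):
    """List problems worth catching before a link is published to learners."""
    problems = []
    for name in ("idp_sso", "target", "shire"):
        if urlsplit(fields[name]).scheme != "https":
            problems.append(f"{name} is not https")
    # Assumption of this example: the resource and the SP endpoint share a host.
    if urlsplit(fields["target"]).hostname != urlsplit(fields["shire"]).hostname:
        problems.append("target and shire are on different hosts")
    return problems


def build_wayfless(idp_sso, shire, provider_id, target):
    """Assemble the URL for one identity provider and one content link."""
    query = urlencode({"target": target, "shire": shire, "providerId": provider_id})
    return f"{idp_sso}?{query}"


def links_for(idp_endpoints, shire, provider_id, targets):
    """One URL per (institution, content link) pair, as the message describes."""
    return {(idp, t): build_wayfless(idp, shire, provider_id, t)
            for idp in idp_endpoints for t in targets}
```

The size of the dictionary returned by links_for grows as institutions
multiplied by links, which is the maintenance burden the message describes.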

