Identity Management in Education July 28, 2012
Posted by ajackl in Education, Enterprise Architecture, Schools Interoperability Framework, Standards.
Over the next few months I am going to be attacking the issue of Identity Management in education. As I started framing this I was struck by the large number of different approaches and facets to this topic. So I am going to post about three times a month or so and I will start by laying out in this post the topics I might cover. Hopefully this will encourage some dialogue and give people a chance to react, ask questions and clarify anything that might be critical or interesting.
One set of questions my friend Wayne Ostler, from Pearson, asked me is:
- What is this blog series trying to communicate?
- Is it just wanting to inform readers about the issues/problem space?
- Is this blog trying to suggest best practices?
- Is this blog trying to set the stage for “standards”?
I am not sure… I think my intent is to explore this topic in a public space and use the conversation to inform the standards and to generate some best practices.
So here is a list of topics that I hope to refine into a reasonable set of topics over the upcoming weeks:
- Privacy: FERPA, HIPAA, record-level access, identifying data access, notification, disclosure, and consent
- Security: encryption, authentication
- Access: authorization, small-cell-size, drill through
- Use of Social Security Number and other Personally-Identifiable-Information (PII) issues
- Government mandates or funding: “ARRA calling for cross-state, cross-segment data trails” (the government has many heads; not all of them realize what the implications are of what they are asking)
- Types of Identifiers: GUIDs, dot notation, URIs, content-based identifiers, biometrics
- Person Identity vs. Record Identity: Often people confuse these two and it is a critical issue when dealing with longitudinal data systems and identity.
- Single-Sign-On (SSO) and Federated Identity
- The dimensions of Identity Management: horizontal, vertical, cross-organizational, and time.
- Building systems to manage identity in all its dimensions
- The data elements needed to establish identity
- Resources
Please let me know if there are topic areas I should include that I missed. I look forward to exploring this topic! Thank you!
This is a fairly ambitious list of topics, but I’d venture to suggest one more. Which of the competing technologies holds the most promise for education, and how / can they be combined to solve common identity management problems in an educational organization: OpenID, Shibboleth, SAML, LDAP, ….
Good idea – I will add that to the list….
Hey Alex: Great set of topics! Recently I’ve been thinking about federated permissions. It’s probably a part of Federated ID but one that doesn’t get enough attention. In May I wrote up a couple of use cases on my blog here: http://www.ofthat.com/2012/05/federated-permissions-post-facebook.html.
Thanks Brandt. Yes, one of the issues with this topic is that there are dozens of child topics underneath it that are directly relevant. The question becomes what to talk about first and how. I will definitely continue the conversation from your blog when I get to federated identity. As always the issue starts to become who manages a portable identity.
To have a clean user interface you need to have some centralized context, but people resist the idea of a “directory” that is in any way authoritative because of the control issues and lack of trust of the body controlling the registry. It is an exciting topic and one we need to resolve if we are going to provide ubiquitous access to a learner’s “profile” and “record” to the learner themselves and their designated educators.